Laurent Delosieres

**Nome do software vulnerável e versões afetadas** Clam AntiVirus versões 0.103.4 e anteriores Clam AntiVirus versão 0.104.1 **Descrição** O problema está relacionado à validação insuficiente de entradas no módulo de análise OOXML. Um invasor poderia explorar essa vulnerabilidade enviando um arquivo OOXML especialmente criado para um dispositivo afetado, potencialmente causando uma condição de negação de serviço devido a verificações inadequadas que podem resultar na leitura de um ponteiro inválido. Isso poderia permitir que o invasor causasse uma falha no processo de verificação do ClamAV. **Recomendações** Para as versões 0.103.4 e anteriores do Clam AntiVirus, atualize para uma versão que inclua a correção para este problema. Para a versão 0.104.1 do Clam AntiVirus, atualize para uma versão que inclua a correção para este problema. Como solução temporária, considere restringir o processamento de arquivos OOXML até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Zoom Client for Meetings para Windows, versões anteriores à 5.5.4 **Descrição** O problema está relacionado à verificação inadequada de assinaturas criptográficas em arquivos com extensões .msi, .ps1 e .bat. Isso poderia permitir que um agente mal-intencionado instalasse software malicioso no computador de um cliente, comprometendo potencialmente a integridade das informações protegidas. **Recomendações** Para versões anteriores à 5.5.4, atualize para a versão 5.5.4 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir a execução de arquivos com extensões .msi, .ps1 e .bat até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** libexif version 0.6.21 **Description** The issue is related to an error when processing the EXIF IFD INTEROPERABILITY and EXIF IFD EXIF tags within the libexif library. This error can be exploited to exhaust available CPU resources, potentially leading to a denial of service. The vulnerability can be exploited by a remote attacker. **Recommendations** For libexif version 0.6.21, consider updating to a newer version that addresses this issue, although the specific fixed version is not provided in the available data. As a temporary workaround, consider restricting the processing of EXIF files or limiting the resources available to the libexif library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.8 **Description** A type confusion error within the `identify()` function in LibRaw can be exploited to trigger a division by zero, potentially leading to a denial of service. The issue is related to a lack of division by zero checking in the internal/dcraw common.cpp component of the image processing library. **Recommendations** For versions prior to 0.18.8, update to version 0.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the `identify()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.8 **Description** The issue is related to a boundary error within the `quicktake 100 load raw()` function in the internal/dcraw common.cpp component of the LibRaw library. This error can lead to a stack-based buffer overflow, causing a crash. Additionally, it may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 0.18.8, update to version 0.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the `quicktake 100 load raw()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.8 **Description** The issue is related to an error within the `leaf hdr load raw()` function in the internal/dcraw common.cpp component of LibRaw, which can be exploited to trigger a NULL pointer dereference. This can allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 0.18.8, update to version 0.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the `leaf hdr load raw()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.7 **Description** The issue is related to an error in the `kodak radc load raw()` function, specifically with the `buf` variable, which can cause an out-of-bounds read memory access, leading to a crash. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 0.18.7, update to version 0.18.7 or later to resolve the issue. As a temporary workaround, consider disabling the `kodak radc load raw()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.7 **Description** The issue is related to errors in pointer dereferencing within the LibRaw library for image processing, specifically in the src/libraw cxx.cpp component. This can be exploited by a remote attacker to cause a denial of service. The `LibRaw::unpack()` function is particularly affected, allowing for a NULL pointer dereference. **Recommendations** For versions prior to 0.18.7, update to version 0.18.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `LibRaw::unpack()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.7 **Description** The issue is related to an off-by-one error within the `LibRaw::kodak ycbcr load raw()` function in the internal/dcraw common.cpp component of the LibRaw library. This error can lead to a heap-based buffer overflow, causing a crash. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 0.18.7, update to version 0.18.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `LibRaw::kodak ycbcr load raw()` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** libsndfile version 1.0.28 **Description** The issue is related to an error in the `aiff read chanmap()` function, which can cause an out-of-bounds read memory access. This can be exploited via a specially crafted AIFF file, potentially allowing a remote attacker to compromise data confidentiality, integrity, and availability. **Recommendations** For libsndfile version 1.0.28, consider avoiding the use of the `aiff read chanmap()` function until a patch is available. As a temporary workaround, restrict the processing of AIFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.