Luis Merino

**Nome do software vulnerável e versões afetadas** Versões do YARA anteriores à 4.0.4 **Descrição** A vulnerabilidade está relacionada a um estouro de inteiro e a várias leituras de estouro de buffer no módulo libyara/modules/macho/macho.c do YARA. Isso poderia permitir que um invasor causasse negação de serviço ou divulgação de informações por meio de um arquivo Mach-O malicioso. A exploração dessa vulnerabilidade pode permitir que um invasor remoto acesse dados confidenciais e cause interrupção do serviço. **Recomendações** Para versões anteriores à 4.0.4, atualize para a versão 4.0.4 ou posterior para resolver o problema. Como solução temporária, considere restringir o uso do módulo `macho.c` até que um patch esteja disponível. Evite processar arquivos Mach-O maliciosos ou não confiáveis com versões afetadas do YARA para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** bsdiff tools versão 4.3 **Descrição** Existe um problema de corrupção de memória devido a verificações insuficientes no tratamento de entradas externas, permitindo que um invasor contorne as verificações de validade e escreva além dos limites de um buffer alocado dinamicamente. **Recomendações** Para a versão 4.3, considere atualizar para uma versão mais recente que corrija esse problema, pois a versão atual permite a corrupção de memória devido a verificações de entrada insuficientes. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60.7.1 **Description** A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in `icalrecur add bydayrules` when processing certain email messages, resulting in a potentially exploitable crash. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Thunderbird versions prior to 60.7.1, update to version 60.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of email messages that may trigger the `icalrecur add bydayrules` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60.7.1 **Description** A flaw in Thunderbird's implementation of iCal causes a type confusion in `icaltimezone get vtimezone properties` when processing certain email messages, resulting in a crash. The vulnerability is related to a lack of type checking of the passed object, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Thunderbird versions prior to 60.7.1, update to version 60.7.1 or later to resolve the issue. As a temporary workaround, consider avoiding the processing of suspicious email messages that may trigger the type confusion in `icaltimezone get vtimezone properties`.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60.7.1 **Description** A flaw in the implementation of iCal in Thunderbird causes a heap buffer overflow in `parser get next char` when processing certain email messages, resulting in a potentially exploitable crash. This issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Thunderbird versions prior to 60.7.1, update to version 60.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of certain email messages that may trigger the heap buffer overflow in `parser get next char` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 60.7.1 **Description** The issue is related to a heap buffer overflow in the `icalmemory strdup and dequote` function when processing certain email messages, potentially leading to a crash. This could allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 60.7.1, update to version 60.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of email messages that could trigger the `icalmemory strdup and dequote` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** HylaFAX version 6.0.6 HylaFAX+ version 5.6.0 **Description** The issue allows remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled. This is mishandled in the `FaxModem::writeECMData()` function in the faxd/CopyQuality.c++ file. **Recommendations** For HylaFAX version 6.0.6, consider disabling the `FaxModem::writeECMData()` function until a patch is available. For HylaFAX+ version 5.6.0, restrict access to the faxd/CopyQuality.c++ file to minimize the risk of exploitation.