Marc Schoenefeld

**Nome do Software Vulnerável e Versões Afetadas** Versões do GarageBand anteriores à 10.4.12 **Descrição** O problema foi resolvido com verificações de limites aprimoradas. O processamento de uma imagem criada de forma maliciosa pode levar à execução arbitrária de código. O problema foi corrigido melhorando as verificações de limites e foi relatado por Mark Schenfeld, Ph.D. **Recomendações** Para versões do GarageBand anteriores à 10.4.12, atualize para a versão 10.4.12 para resolver o problema. Como solução temporária, considere evitar o processamento de imagens de fontes não confiáveis até que a atualização seja aplicada.

Nome do software vulnerável e versões afetadas: Versões do Firefox anteriores à 133 Versões do Thunderbird anteriores à 133 Descrição: Pode ter ocorrido uma desreferência de ponteiro nulo na ferramenta `pk12util`, especificamente na função `SEC ASN1DecodeItem Util`, ao processar arquivos de entrada malformados ou formatados incorretamente. Esse problema pode permitir que um invasor remoto cause uma negação de serviço. Recomendações: Para versões do Firefox anteriores à 133, atualize para uma versão que inclua a correção para este problema. Para versões do Thunderbird anteriores à 133, atualize para uma versão que inclua a correção para este problema. Como solução temporária, considere restringir o uso da ferramenta `pk12util` e da função `SEC ASN1DecodeItem Util` até que um patch esteja disponível.

**Nome do software vulnerável e versões afetadas** Versões do GarageBand anteriores à 10.4.11 **Descrição** Um problema de uso após liberação de memória (use-after-free) foi corrigido com um gerenciamento de memória aprimorado. O processamento de um arquivo criado com intenção maliciosa pode levar ao encerramento inesperado do aplicativo ou à execução de código arbitrário. Esse problema afeta usuários do macOS Sonoma e Ventura. **Recomendações** Para versões do GarageBand anteriores à 10.4.11, atualize para a versão 10.4.11 para resolver o problema. Como solução temporária, considere evitar o processamento de arquivos criados com intenção maliciosa até que a atualização seja aplicada.

**Nome do software vulnerável e versões afetadas** Versões do tvOS anteriores à 15.4 Versões do iOS anteriores à 15.4 Versões do iPadOS anteriores à 15.4 Versões do watchOS anteriores à 8.5 **Descrição** Um problema de corrupção de memória foi corrigido com uma validação aprimorada. O processamento de uma imagem criada com intenção maliciosa pode levar à corrupção da pilha (heap). **Recomendações** Para versões do tvOS anteriores à 15.4, atualize para o tvOS 15.4 para resolver o problema. Para versões do iOS anteriores à 15.4, atualize para o iOS 15.4 para resolver o problema. Para versões do iPadOS anteriores à 15.4, atualize para o iPadOS 15.4 para resolver o problema. Para versões do watchOS anteriores à 8.5, atualize para o watchOS 8.5 para resolver o problema.

**Name of the Vulnerable Software and Affected Versions** JBoss BRMS versions prior to 5.1.0 **Description** The issue is related to a XSS vulnerability. It can be exploited via the `asset` parameter, specifically when using a `UUID` value. **Recommendations** For versions prior to 5.1.0, update to version 5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter `asset` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JBoss ON versions 2.1.x through 2.1.2 before SP1 **Description** The issue allows users to obtain unauthorized security information about private resources managed by JBoss ON. **Recommendations** For JBoss ON versions 2.1.x through 2.1.2 before SP1, update to at least version 2.1.2 SP1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IcedTea6 versions prior to 1.7.4 **Description** The issue allows unsigned apps to read and write arbitrary files due to improper checking of property access. **Recommendations** For versions prior to 1.7.4, update to version 1.7.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apache jUDDI version 3.0.0 **Description** The issue concerns the console in Apache jUDDI, which fails to properly escape line feeds. This allows remote authenticated users to spoof log entries by manipulating the `numRows` parameter. **Recommendations** For Apache jUDDI version 3.0.0, consider restricting access to the console until a proper fix is available, and avoid using the `numRows` parameter in a way that could facilitate log entry spoofing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.3 Apple OS X versions prior to 10.10.3 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted font file. **Recommendations** For Apple iOS versions prior to 8.3, update to version 8.3 or later. For Apple OS X versions prior to 10.10.3, update to version 10.10.3 or later.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss BRMS versions prior to 6.0.1 Red Hat JBoss BPM Suite versions prior to 6.0.1 JBoss Drools (affected versions not specified) **Description** The issue allows remote authenticated users to execute arbitrary Java code. This can be achieved via either MVFLEX Expression Language (MVEL) or Drools expressions. **Recommendations** For Red Hat JBoss BRMS versions prior to 6.0.1, update to version 6.0.1 or later. For Red Hat JBoss BPM Suite versions prior to 6.0.1, update to version 6.0.1 or later. For JBoss Drools, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** icclib versions prior to 2.13 Argyll CMS versions prior to 1.4 **Description** The issue is related to a use-after-free vulnerability that can be triggered by a crafted ICC profile file, potentially allowing remote attackers to cause a denial of service or execute arbitrary code. **Recommendations** For icclib versions prior to 2.13, update to version 2.13 or later. For Argyll CMS versions prior to 1.4, update to version 1.4 or later.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.7.3 **Description** The issue is related to the OpenGL implementation, which does not properly perform OpenGL Shading Language compilation. This allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted program. **Recommendations** For versions prior to 10.7.3, update to Mac OS X 10.7.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Android SDK versions prior to 2.3 **Description** The issue is related to the dexdump tool in the Android SDK, which does not properly perform structural verification. This allows user-assisted remote attackers to cause a denial of service, potentially leading to a crash, and possibly execute arbitrary code via a malformed APK or dex file. The attack vector involves a dex file that calls a method using more arguments than the number of registers declared for that method. **Recommendations** For Android SDK versions prior to 2.3, update to version 2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.7 **Description** The issue is related to multiple buffer overflows in Apple Type Services (ATS) that allow remote attackers to execute arbitrary code. This can be achieved by using a document containing a crafted embedded TrueType font. **Recommendations** For versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.7 **Description** The issue is related to multiple buffer overflows in Apple Type Services (ATS) that allow remote attackers to execute arbitrary code. This can be achieved by providing a document containing a crafted SFNT table in an embedded font. **Recommendations** For versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.7 **Description** A heap-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a document containing a crafted embedded OpenType font. **Recommendations** For Apple Mac OS X versions prior to 10.6.7, update to version 10.6.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions prior to 1.2 **Description** The issue is related to a heap-based buffer overflow in the wiretap/pcapng.c file, which can be triggered by a crafted capture file. This can cause a denial of service, resulting in an application crash, or potentially allow the execution of arbitrary code. **Recommendations** For versions prior to 1.2, update to version 1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IcedTea-Web versions prior to 1.0.1 OpenJDK Runtime Environment version 1.6.0 **Description** The issue allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of an inappropriate security descriptor in the JNLPClassLoader class. **Recommendations** For IcedTea-Web versions prior to 1.0.1, update to version 1.0.1 or later. For OpenJDK Runtime Environment version 1.6.0, consider upgrading to a newer version that incorporates the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** OpenOffice.org versions 2.x through 3.x prior to 3.3 **Description** The issue is related to multiple directory traversal vulnerabilities. These vulnerabilities allow remote attackers to add and execute commands of their choice through the use of .. (dot dot) in the `site` parameter to (1) "index.php" and (2) "admin.php". Additionally, attackers can overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files. This could potentially allow a remote attacker to access confidential data, disrupt its integrity, and cause a denial of service. **Recommendations** For OpenOffice.org versions 2.x through 3.x prior to 3.3, update to version 3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the XSLT JAR filter and Extension (aka OXT) files until a patch is available. Avoid using the `site` parameter in the affected API endpoints "index.php" and "admin.php" until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** OpenOffice.org (OOo) versions 2.x through 3.x before 3.3 **Description** The issue is related to a heap-based buffer overflow in Impress, which can be triggered by a crafted PNG file in an ODF or Microsoft Office document. This can cause a denial of service, resulting in an application crash, or possibly allow the execution of arbitrary code. The vulnerability can be exploited by a remote attacker, potentially leading to unauthorized access to confidential data, disruption of service, or impact on data integrity. **Recommendations** For OpenOffice.org (OOo) versions 2.x through 3.x before 3.3, update to version 3.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted PNG files in ODF or Microsoft Office documents until a patch is applied. Restrict access to potentially vulnerable documents to minimize the risk of exploitation.