Erik De Castro Lopo · Libsndfile · CVE-2015-7805
**Name of the Vulnerable Software and Affected Versions**
libsndfile version 1.0.25
**Description**
libsndfile version 1.0.25 contains a heap-based buffer overflow that can be triggered by the `headindex` value in the header of an AIFF file. Remote attackers can use it to cause an unspecified impact.
**Recommendations**
For libsndfile version 1.0.25, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the processing of AIFF files whose header may carry a malicious `headindex` value, and avoid using the `headindex` value in the AIFF file header until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
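
One way to apply the temporary workaround above, as an added example that is not libsndfile code and not part of this advisory: a pre-filter that recognises AIFF and AIFF-C files by their container magic, so an application can refuse them before they reach libsndfile 1.0.25. The function names, the verdict enum and the sample byte arrays are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Verdicts of the hypothetical pre-filter (names are assumptions). */
enum gate_verdict { GATE_ALLOW, GATE_BLOCK_AIFF, GATE_BLOCK_UNREADABLE };

/* Classify the leading bytes of an untrusted file by content, not by name.
 * AIFF and AIFF-C are IFF containers: "FORM", a 4-byte big-endian size,
 * then the form type "AIFF" or "AIFC" at offset 8. */
enum gate_verdict gate_check_bytes(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < 12)
        return GATE_BLOCK_UNREADABLE;   /* cannot identify: fail closed */
    if (memcmp(buf, "FORM", 4) != 0)
        return GATE_ALLOW;              /* not an IFF container */
    if (memcmp(buf + 8, "AIFF", 4) == 0 || memcmp(buf + 8, "AIFC", 4) == 0)
        return GATE_BLOCK_AIFF;         /* keep away from libsndfile 1.0.25 */
    return GATE_ALLOW;                  /* some other IFF form type */
}

/* Read the first 12 bytes of a file and classify them. */
enum gate_verdict gate_check_file(const char *path)
{
    unsigned char head[12];
    FILE *fp = fopen(path, "rb");
    if (fp == NULL)
        return GATE_BLOCK_UNREADABLE;
    size_t n = fread(head, 1, sizeof head, fp);
    fclose(fp);
    return gate_check_bytes(head, n);
}

/* Constructed sample headers (not taken from any real file). */
static const unsigned char SAMPLE_AIFF[12] = {'F','O','R','M',0,0,0,30,'A','I','F','F'};
static const unsigned char SAMPLE_AIFC[12] = {'F','O','R','M',0,0,0,30,'A','I','F','C'};
static const unsigned char SAMPLE_WAV[12]  = {'R','I','F','F',36,0,0,0,'W','A','V','E'};

int main(int argc, char **argv)
{
    if (argc > 1) {
        enum gate_verdict v = gate_check_file(argv[1]);
        printf("%s: %s\n", argv[1], v == GATE_ALLOW ? "allow" : "block");
        return v == GATE_ALLOW ? 0 : 1;
    }
    printf("aiff=%d aifc=%d wav=%d\n", gate_check_bytes(SAMPLE_AIFF, 12),
           gate_check_bytes(SAMPLE_AIFC, 12), gate_check_bytes(SAMPLE_WAV, 12));
    return 0;
}
```

Run with a file path, the program exits non-zero when the file should be withheld from the decoder, so it can sit in front of an upload or conversion pipeline.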