Mei Wang

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 Safari versions prior to 10.1 tvOS versions prior to 10.2 watchOS versions prior to 3.2 **Description** The issue involves the CoreGraphics component and is caused by a buffer overflow in memory. It allows remote attackers to execute arbitrary code or cause a denial of service, such as memory corruption and application crash, via a specially crafted web site. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later to resolve the issue. For Safari versions prior to 10.1, update to version 10.1 or later to resolve the issue. For tvOS versions prior to 10.2, update to version 10.2 or later to resolve the issue. For watchOS versions prior to 3.2, update to version 3.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 4.0.6 and earlier **Description** The issue allows remote attackers to cause a denial of service via a crafted BMP image when the "-c none" option is used with the `DumpModeEncode` function in the bmp2tiff tool. **Recommendations** For LibTIFF versions 4.0.6 and earlier, as a temporary workaround, consider avoiding the use of the "-c none" option with the bmp2tiff tool until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 4.0.6 and earlier **Description** The issue allows remote attackers to cause a denial of service, specifically a buffer over-read, via a crafted BMP image when the "-c zip" option is used with the ZIPEncode function in the bmp2tiff tool. **Recommendations** For LibTIFF versions 4.0.6 and earlier, consider avoiding the use of the "-c zip" option with the bmp2tiff tool until a fix is available. As a temporary workaround, restrict the processing of BMP images from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 4.0.6 and earlier **Description** The issue allows a remote attacker to cause a denial of service via a crafted TIFF image. This is due to an out-of-bounds read in the `tif read.c` file of the `tiff2bw` tool in LibTIFF. **Recommendations** For LibTIFF versions 4.0.6 and earlier, consider disabling the `tiff2bw` tool until a patch is available to prevent potential denial of service attacks. Restrict access to the `tif read.c` function to minimize the risk of exploitation. Avoid using the `tiff2bw` tool with untrusted TIFF images until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.6 and earlier **Description** The issue allows remote attackers to cause a denial of service, specifically a divide-by-zero error, via a crafted TIFF image. This is due to a problem in the fpAcc function in tif predict.c in the tiff2rgba tool. **Recommendations** For LibTIFF version 4.0.6 and earlier, update to a version later than 4.0.6 to resolve the issue. At the moment, there is no information about other specific mitigation measures for this issue.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 4.0.6 and earlier **Description** The issue allows remote attackers to cause a denial of service by setting certain parameters to 0. Specifically, this can be done by setting the `v` or `h` parameter to 0 in the rgb2ycbcr tool. **Recommendations** For LibTIFF versions 4.0.6 and earlier, consider updating to a newer version to resolve the issue. As a temporary workaround, avoid using the `v` or `h` parameter with a value of 0 in the rgb2ycbcr tool until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 4.0.6 and earlier **Description** The issue allows remote attackers to cause a denial of service by setting the `-v` option to -1, resulting in an out-of-bounds write. This is related to the `cvtClump` function in the `rgb2ycbcr` tool. **Recommendations** For LibTIFF versions 4.0.6 and earlier, as a temporary workaround, consider disabling the `cvtClump` function in the `rgb2ycbcr` tool until a patch is available. Avoid using the `-v` option with a value of -1 in the affected tool to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 4.0.6 and earlier **Description** The issue allows remote attackers to cause a denial of service, specifically a buffer over-read, through a crafted BMP image when the "-c lzw" option is used. This is due to a problem in the LZWEncode function in tif lzw.c in the bmp2tiff tool. **Recommendations** For LibTIFF versions 4.0.6 and earlier, consider disabling the use of the "-c lzw" option until a patch is available to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 49.0 Firefox ESR versions 45.x prior to 45.4 Thunderbird versions prior to 45.4 **Description** The issue is related to a use-after-free vulnerability in the `mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap` function. This vulnerability can be exploited by a remote attacker to execute arbitrary code using bidirectional text. **Recommendations** For Mozilla Firefox versions prior to 49.0, update to version 49.0 or later. For Firefox ESR versions 45.x prior to 45.4, update to version 45.4 or later. For Thunderbird versions prior to 45.4, update to version 45.4 or later.