Patrick Coleman

#20851 of 53,638
12.1 CVSS total
Vulnerabilities · 2
Low · 1
Critical · 1
PT-2016-3298 · CVSS 10 · 2016-06-07
Videolan · Vlc Media Player · CVE-2016-5108
**Name of the Vulnerable Software and Affected Versions**

VLC media player versions prior to 2.2.4

**Description**

The issue is related to a buffer overflow in the DecodeAdpcmImaQT function, which can be exploited by remote attackers using a crafted QuickTime IMA file. This could lead to a denial of service or possibly allow the execution of arbitrary code. The vulnerability is due to the lack of input data sanitization.

**Recommendations**

For versions prior to 2.2.4, update to version 2.2.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the DecodeAdpcmImaQT function until a patch is applied. Restrict access to crafted QuickTime IMA files to minimize the risk of exploitation.

PT-2015-5636 · CVSS 2.1 · 2015-03-03
Simon Tatham · Putty · CVE-2015-2157
**Name of the Vulnerable Software and Affected Versions**

PuTTY versions 0.51 through 0.63

**Description**

The issue concerns the `ssh2_load_userkey` and `ssh2_save_userkey` functions, which do not properly wipe SSH-2 private keys from memory. This allows local users to obtain sensitive information by reading the memory.

**Recommendations**

For PuTTY versions 0.51 through 0.63, update to a version that properly handles the wiping of SSH-2 private keys from memory to prevent sensitive information disclosure.