Petr Pisar

**Name of the Vulnerable Software and Affected Versions** SWI-Prolog versions prior to 6.2.5 SWI-Prolog versions 6.3.x prior to 6.3.7 **Description** The issue is related to multiple stack-based buffer overflows in the `canoniseFileName` function. This can be exploited by remote attackers using a crafted filename, potentially leading to a denial of service or the execution of arbitrary code. **Recommendations** For SWI-Prolog versions prior to 6.2.5, update to version 6.2.5 or later. For SWI-Prolog versions 6.3.x prior to 6.3.7, update to version 6.3.7 or later.

**Name of the Vulnerable Software and Affected Versions** SWI-Prolog versions prior to 6.2.5 SWI-Prolog versions 6.3.x prior to 6.3.7 **Description** The issue is related to multiple stack-based buffer overflows in the expand function in os/pl-glob.c. This can be exploited by remote attackers using a crafted filename, potentially leading to a denial of service (application crash) or possibly the execution of arbitrary code. **Recommendations** For SWI-Prolog versions prior to 6.2.5, update to version 6.2.5 or later. For SWI-Prolog versions 6.3.x prior to 6.3.7, update to version 6.3.7 or later.

**Name of the Vulnerable Software and Affected Versions** Perl versions prior to 5.14.2 **Description** The issue is related to the bsd glob function in the File::Glob module for Perl, which allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB ALTDIRFUNC flag. This triggers an uninitialized pointer dereference. The vulnerability is also associated with resource release errors. Exploitation may allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 5.14.2, update to version 5.14.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of the GLOB ALTDIRFUNC flag in the bsd glob function until a patch is available. Restrict access to the bsd glob function to minimize the risk of exploitation. Avoid using the bsd glob function with untrusted input until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Encode module versions prior to 2.44 Perl versions prior to 5.15.6 **Description** The issue is related to an off-by-one error in the decode xs function, which can lead to a denial of service due to memory corruption. This is caused by a heap-based buffer overflow when processing a crafted Unicode string. The vulnerability is associated with errors in number processing and can be exploited by a remote attacker to cause a denial of service. **Recommendations** For Encode module versions prior to 2.44, update to version 2.44 or later. For Perl versions prior to 5.15.6, update to version 5.15.6 or later.