Qflb.Wu

**Name of the Vulnerable Software and Affected Versions** libebml2 versions prior to 2012-08-26 **Description** The issue allows remote attackers to cause a denial of service, resulting in a null pointer dereference and application crash, via a crafted mkv file. This is due to a problem in the EBML FindNextElement function in ebmlmain.c. **Recommendations** For versions prior to 2012-08-26, consider updating to a version released after 2012-08-26 to resolve the issue. As a temporary workaround, consider restricting the use of crafted mkv files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** mkclean version 0.8.9 **Description** The issue allows remote attackers to cause a denial of service via a crafted mkv file. This is due to a problem in the Node ValidatePtr function in corec/corec/node/node.c. **Recommendations** For mkclean version 0.8.9, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libebml2 versions prior to 2012-08-26 **Description** The issue allows remote attackers to cause a denial of service via a crafted mkv file. This is due to a problem in the EBML IntegerValue function in ebmlnumber.c. **Recommendations** For versions prior to 2012-08-26, update to a version released after 2012-08-26 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libebml2 versions prior to 2012-08-26 **Description** The issue allows remote attackers to cause a denial of service via a crafted mkv file, specifically through the UpdateDataSize function in ebmlmaster.c. **Recommendations** For versions prior to 2012-08-26, consider avoiding the use of the UpdateDataSize function in ebmlmaster.c until a patch is available. Restrict access to crafted mkv files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid memory read and application crash, via a crafted gig file. This is due to a problem in the gig::Region::GetSampleFromWavePool function in gig.cpp. **Recommendations** For libgig version 4.0.0, consider avoiding the use of crafted gig files until a patch is available. As a temporary workaround, restricting access to the gig::Region::GetSampleFromWavePool function may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted gig file. This is due to a problem in the LoadString function in helper.h. **Recommendations** For libgig version 4.0.0, consider avoiding the use of crafted gig files until a patch is available. As a temporary workaround, restricting access to the LoadString function in helper.h may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted gig file. This is due to a problem in the gig::Region::Region function in gig.cpp. **Recommendations** For libgig version 4.0.0, consider avoiding the use of crafted gig files until a patch is available. As a temporary workaround, restrict access to the gig::Region::Region function in gig.cpp to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a stack-based buffer over-read and application crash, via a crafted gig file. This is due to a problem in the gig::DimensionRegion::CreateVelocityTable function in gig.cpp. **Recommendations** For libgig version 4.0.0, as a temporary workaround, consider disabling the use of the gig::DimensionRegion::CreateVelocityTable function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.0.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid memory write and application crash, by using a crafted gig file. This is due to a problem in the gig::Instrument::UpdateRegionKeyTable function in gig.cpp. **Recommendations** For libgig version 4.0.0, consider avoiding the use of crafted gig files until a patch is available. As a temporary workaround, restrict access to the gig::Instrument::UpdateRegionKeyTable function in gig.cpp to minimize the risk of exploitation.

[Content removed]

**Name of the Vulnerable Software and Affected Versions** minidjvu version 0.8 **Description** The issue is related to the `row is empty` function in `base/4bitmap.c` at line 272, which can cause a denial of service due to an invalid memory read and application crash when processing a crafted djvu file. **Recommendations** For minidjvu version 0.8, consider avoiding the use of crafted djvu files until a patch is available. As a temporary workaround, restrict the processing of untrusted djvu files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** minidjvu version 0.8 **Description** The issue is related to the mdjvu bitmap pack row function in the base/4bitmap.c file, which can cause a denial of service due to an invalid memory read and application crash when processing a crafted djvu file. **Recommendations** For minidjvu version 0.8, consider avoiding the use of crafted djvu files until a patch is available. As a temporary workaround, restrict the processing of untrusted djvu files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

[Content removed]

[Content removed]

[Content removed]

**Name of the Vulnerable Software and Affected Versions** minidjvu version 0.8 **Description** The issue is related to the JB2BitmapCoder::code row by refinement function in minidjvu, which can cause a denial of service due to an invalid memory read and application crash when processing a crafted djvu file. **Recommendations** For minidjvu version 0.8, consider avoiding the use of crafted djvu files until a patch is available. As a temporary workaround, restrict the input to trusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mpg321 version 0.3.2-1 **Description** The issue is related to improper memory management in mpg321 when used with libmad, which can be exploited by remote attackers using a crafted MP3 file. This can cause a denial of service due to memory corruption, leading to a crash in the mad decoder run function in libmad's decoder.c. **Recommendations** For mpg321 version 0.3.2-1, consider updating to a newer version that properly manages memory for use with libmad to prevent memory corruption and denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** SoX version 14.4.2 **Description** The issue allows remote attackers to cause a denial of service, resulting in a divide-by-zero error and application crash, via a crafted snd file during conversion to a wav file. **Recommendations** For SoX version 14.4.2, consider avoiding the use of the wavwritehdr function in wav.c until a patch is available. As a temporary workaround, restrict the conversion of crafted snd files to wav files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libid3tag version 0.15.1b **Description** The issue allows remote attackers to cause a denial of service (OOM) via a crafted MP3 file. This is due to a problem in the `id3 field parse` function in field.c. **Recommendations** For libid3tag version 0.15.1b, consider avoiding the use of the `id3 field parse` function until a patch is available. As a temporary workaround, restrict the processing of MP3 files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libid3tag version 0.15.1b **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL Pointer Dereference and application crash, via a crafted mp3 file. This is due to a problem in the id3 ucs4 length function in ucs4.c. **Recommendations** For libid3tag version 0.15.1b, at the moment, there is no information about a newer version that contains a fix for this issue.