Shuitao Gan

**Name of the Vulnerable Software and Affected Versions** libLAS version 1.8.1 **Description** The issue is a heap-based buffer over-read that occurs at the `GetGTIF()` function in `spatialreference.cpp`, which can cause a denial of service. **Recommendations** For libLAS version 1.8.1, consider disabling the `GetGTIF()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libLAS version 1.8.1 **Description** The issue is related to a Segmentation fault triggered by illegal address access at the `GetGTIF()` function in `spatialreference.cpp`. This will cause a denial of service. **Recommendations** For libLAS version 1.8.1, consider disabling the `GetGTIF()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libLAS version 1.8.1 **Description** The issue is related to a NULL pointer dereference at `liblas::SpatialReference::GetGTIF()` in the `spatialreference.cpp` file of libLAS. This will cause a denial of service. **Recommendations** For libLAS version 1.8.1, consider updating to a newer version that contains a fix for this issue, as the current version is affected by the NULL pointer dereference in the `GetGTIF()` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsixel version 1.8.2 **Description** The issue is related to a NULL pointer dereference in the `sixel helper set additional message` function, located in the status.c file of the libsixel library. This will cause a denial of service. **Recommendations** For libsixel version 1.8.2, consider disabling the `sixel helper set additional message` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsixel version 1.8.2 **Description** The issue is a heap-based buffer over-read located in the stb image write.h file, specifically within the `stbi write png to mem` function. This will cause a denial of service. **Recommendations** For libsixel version 1.8.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libConfuse version 3.2.2 **Description** The issue is related to a memory leak in the `cfg init` function in `confuse.c`. **Recommendations** For libConfuse version 3.2.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libsixel version 1.8.2 **Description** The issue is related to an illegal address access in the `sixel decode raw impl` function within the fromsixel.c file of libsixel. This will cause a denial of service. **Recommendations** For libsixel version 1.8.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libsixel version 1.8.2 **Description** A heap-based buffer overflow occurs in the `image buffer resize` function within the fromsixel.c file of libsixel, potentially causing a denial of service or other unspecified impacts. **Recommendations** For libsixel version 1.8.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsixel version 1.8.2 **Description** The issue is a heap-based buffer over-read that occurs in the `write png to file` function within the writer.c file of libsixel. This will cause a denial of service. **Recommendations** For libsixel version 1.8.2, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libcaca version 0.99.beta19 **Description** The issue is related to an integer overflow in the `caca file read` function of the libcaca graphics library, located in caca/file.c. This allows a remote attacker to gain unauthorized access to information due to an illegal WRITE memory access. **Recommendations** For libcaca version 0.99.beta19, consider disabling the `caca file read` function as a temporary workaround until a patch is available. Restrict access to the affected caca/file.c module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libcaca version 0.99.beta19 **Description** The issue is related to an integer overflow in the `get rgba default` function, located in caca/dither.c, which can lead to an illegal READ memory access, particularly for 24bpp data. This can potentially allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For libcaca version 0.99.beta19, consider disabling the `get rgba default` function as a temporary workaround until a patch is available. Restrict access to the caca/dither.c module to minimize the risk of exploitation. Avoid using the affected function for 24bpp data until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** juniper/libslax version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5) **Description** The issue is related to a buffer overflow in the `slaxGetInput` function, located in the `slaxlexer.c` component. This can be exploited to cause a remote denial of service. The attack vector involves using the `./slaxproc` command with the `--slax-to-xslt` option and a proof-of-concept file, such as `POC0`. The vulnerability allows a remote attacker to cause a denial of service. **Recommendations** For juniper/libslax version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5), consider disabling the `slaxGetInput` function in the `slaxlexer.c` component as a temporary workaround to minimize the risk of exploitation. Avoid using the `./slaxproc` command with the `--slax-to-xslt` option until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** libwebm versions prior to 2018-10-03 **Description** The issue is related to an abort caused by the function libwebm::Webm2Pes::InitWebmParser(), which can lead to a denial of service (DoS) attack. **Recommendations** For versions prior to 2018-10-03, update to a version released after 2018-10-03 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LibSass version 3.5-stable **Description** The issue is related to an illegal address access at the `parse css variable value token` function in the `Sass::Parser` module, which can lead to a denial-of-service (DoS) attack. **Recommendations** For LibSass version 3.5-stable, consider updating to a newer version that addresses this issue, as the current version is susceptible to a DoS attack due to the illegal address access in the `parse css variable value token` function.

**Name of the Vulnerable Software and Affected Versions** libwpd version 0.10.2 **Description** The issue is related to a NULL pointer dereference in the `WP6ContentListener::defineTable()` function, which can lead to a denial of service attack. This is associated with errors in pointer handling. The exploitation of this issue may allow a remote attacker to cause a service disruption. **Recommendations** For libwpd version 0.10.2, consider disabling the `WP6ContentListener::defineTable()` function as a temporary workaround until a patch is available. Restrict access to the WP6ContentListener module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibSass version 3.4.5 **Description** The issue is related to memory leaks triggered by deeply nested code, such as a long sequence of open parenthesis characters, which can lead to a remote denial of service attack. **Recommendations** For LibSass version 3.4.5, consider updating to a newer version to mitigate the risk of memory leaks and denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.