Taekyoung Kwon

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.2.5 macOS versions prior to 10.13.3 tvOS versions prior to 11.2.5 watchOS versions prior to 4.2.2 **Description** The issue involves the `Audio` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted audio file. **Recommendations** For iOS versions prior to 11.2.5, update to version 11.2.5 or later. For macOS versions prior to 10.13.3, update to version 10.13.3 or later. For tvOS versions prior to 11.2.5, update to version 11.2.5 or later. For watchOS versions prior to 4.2.2, update to version 4.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.30 **Description** The issue is related to the `bfd section from shdr` function in the `elf.c` component of the Binary File Descriptor (BFD) library. It allows remote attackers to cause a denial of service, resulting in a segmentation fault, via a large attribute section. This is due to insufficient input validation. **Recommendations** For GNU Binutils version 2.30, consider applying a patch or fix that addresses the insufficient input validation in the `bfd section from shdr` function to prevent denial of service attacks. As a temporary workaround, consider restricting the size of attribute sections to prevent large sections from causing a segmentation fault.

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29.1 Description: The issue is related to the load debug section function in the readelf.c component of GNU Binutils, which is associated with a buffer overflow in memory. This can be exploited by a remote attacker using a specially crafted ELF file, potentially allowing access to confidential data, disrupting data integrity, and causing a denial of service through invalid memory access and application crash. Recommendations: For GNU Binutils version 2.29.1, consider restricting the use of the load debug section function until a patch is available. As a temporary workaround, avoid processing ELF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.29.1 Description: The issue is related to the `pe bfd read buildid` function in the `peicode.h` component of the Binary File Descriptor (BFD) library. It does not validate size and offset values in the data dictionary, allowing remote attackers to cause a denial of service, such as a segmentation violation and application crash, or possibly have other unspecified impacts via a crafted PE file. The vulnerability is also associated with an integer overflow, which can be exploited by a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using a specially crafted PE file. Recommendations: For GNU Binutils version 2.29.1, consider disabling the `pe bfd read buildid` function as a temporary workaround until a patch is available. Restrict access to the `peicode.h` component to minimize the risk of exploitation. Avoid using the vulnerable function with untrusted PE files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10 Apple OS X versions prior to 10.12 Apple tvOS versions prior to 10 Apple watchOS versions prior to 3 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via unspecified vectors. **Recommendations** For Apple iOS versions prior to 10, update to version 10 or later. For Apple OS X versions prior to 10.12, update to version 10.12 or later. For Apple tvOS versions prior to 10, update to version 10 or later. For Apple watchOS versions prior to 3, update to version 3 or later.