Traceprobe

**Name of the Vulnerable Software and Affected Versions** Long Range Zip (aka lrzip) version 0.631 **Description** The issue is related to a use-after-free in the `lzma decompress buf` function of `stream.c`, allowing remote attackers to cause a denial of service, such as an application crash, or possibly have other unspecified impacts. **Recommendations** For Long Range Zip (aka lrzip) version 0.631, as a temporary workaround, consider disabling the `lzma decompress buf` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MuPDF version 1.13.0 Description: The issue is related to an infinite loop in the `fz skip space` function of the pdf/pdf-xref.c file. This could allow a remote adversary to cause a denial of service via a crafted pdf file. Recommendations: For MuPDF version 1.13.0, consider disabling the `fz skip space` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: radare2 version 2.5.0 Description: The issue is a heap-based buffer over-read in the `dalvik op` function, located in `libr/anal/p/anal dalvik.c`. This can be exploited by remote attackers to cause a denial of service using a crafted DEX file. Recommendations: For radare2 version 2.5.0, as a temporary workaround, consider disabling the `dalvik op` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: radare2 version 2.5.0 Description: The issue is a heap-based buffer over-read in the `r hex bin2str` function, located in `libr/util/hex.c`. This could allow remote attackers to cause a denial of service by providing a crafted DEX file. Recommendations: For radare2 version 2.5.0, consider avoiding the use of crafted DEX files until a patch is available. As a temporary workaround, restrict the input to the `r hex bin2str` function to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.7-26 Q16 **Description** The issue is related to excessive iteration in the `DecodeLabImage` and `EncodeLabImage` functions of the `coders/tiff.c` component. This allows a remote attacker to cause a denial of service using a specially crafted tiff file. The exploitation can result in a hang that lasts tens of minutes, even with a small proof-of-concept file. **Recommendations** For ImageMagick version 7.0.7-26 Q16, consider disabling the `DecodeLabImage` and `EncodeLabImage` functions as a temporary workaround until a patch is available. Restrict access to handling tiff files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a NULL pointer dereference in the `getInt` function of the `decompile.c` file. This could allow remote attackers to cause a denial of service by providing a crafted swf file. **Recommendations** For libming version 0.4.8, consider avoiding the use of the `getInt` function in the `decompile.c` file until a patch is available. As a temporary workaround, restrict the processing of swf files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Long Range Zip (aka lrzip) version 0.631 **Description** The issue is related to an infinite loop in the `runzip fd` function of `runzip.c`. This could allow remote attackers to cause a denial of service by providing a crafted lrz file. **Recommendations** For Long Range Zip (aka lrzip) version 0.631, consider applying a patch or fix that addresses the infinite loop in the `runzip fd` function to prevent denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a use-after-free in the `decompileJUMP` function, located in the decompile.c file. **Recommendations** For libming version 0.4.8, consider updating to a newer version that contains a fix for this issue, if available. As a temporary workaround, consider restricting access to the `decompileJUMP` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a use-after-free in the decompileSingleArgBuiltInFunctionCall function of decompile.c. This could allow remote attackers to cause a denial of service by providing a crafted swf file. **Recommendations** For libming version 0.4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a use-after-free in the decompileGETVARIABLE function of decompile.c. This could allow remote attackers to cause a denial of service by providing a crafted swf file. **Recommendations** For libming version 0.4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a use-after-free in the decompileDELETE function of decompile.c. This could allow remote attackers to cause a denial of service by providing a crafted swf file. **Recommendations** For libming version 0.4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a use-after-free in the decompilePUSHPARAM function of decompile.c. This could allow remote attackers to cause a denial of service by providing a crafted swf file. **Recommendations** For libming version 0.4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a use-after-free in the `decompileCALLFUNCTION` function of `decompile.c`. This could allow remote attackers to cause a denial of service by providing a crafted swf file. **Recommendations** For libming version 0.4.8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.4.0 **Description** The issue is a heap-based buffer over-read in the `dalvik op` function of `anal dalvik.c`. This could allow remote attackers to cause a denial of service by providing a crafted dex file. **Recommendations** For radare2 version 2.4.0, consider avoiding the use of crafted dex files until a patch is available. As a temporary workaround, restrict access to the `dalvik op` function in `anal dalvik.c` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.4.0 **Description** The issue is a heap-based buffer over-read in the get ivar list t function of mach0 classes.c, which could allow remote attackers to cause a denial of service via a crafted Mach-O file. **Recommendations** For radare2 version 2.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** radare2 version 2.4.0 **Description** The issue is a heap-based buffer over-read in the `r asm disassemble` function, which can be exploited by remote attackers to cause a denial of service. This can be achieved through a crafted dex file. **Recommendations** For radare2 version 2.4.0, consider avoiding the use of the `r asm disassemble` function until a patch is available. As a temporary workaround, restrict the processing of dex files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.