Twi1Ight

**Name of the Vulnerable Software and Affected Versions** Long Range Zip (aka lrzip) version 0.631 **Description** The issue is related to a use-after-free in the `read stream` function in `stream.c`, caused by the lack of certain size validation in the `decompress file` function in `lrzip.c`. **Recommendations** For Long Range Zip (aka lrzip) version 0.631, consider updating to a newer version that addresses the size validation issue in the `decompress file` function. As a temporary workaround, restrict the use of the `decompress file` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.7-4 Q16 **Description** A flaw has been reported in the ReadTIFFImage function in coders/tiff.c, which could allow an attacker to disclose potentially sensitive memory or cause an application crash due to an out of bounds read. **Recommendations** For ImageMagick version 7.0.7-4 Q16, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.18.5 Description: The issue is related to an out of bounds read flaw in the `kodak 65000 load raw` function, affecting components `dcraw/dcraw.c` and `internal/dcraw common.cpp`. This could potentially allow an attacker to disclose sensitive memory or cause an application crash. The vulnerability can be exploited by a remote attacker to gain access to confidential data and cause a denial of service. Recommendations: For LibRaw versions prior to 0.18.5, update to version 0.18.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `kodak 65000 load raw` function in `dcraw/dcraw.c` and `internal/dcraw common.cpp` until a patch is available.

Name of the Vulnerable Software and Affected Versions: LibRaw versions prior to 0.18.3 Description: A Stack-based Buffer Overflow was discovered in the `xtrans interpolate` function in `internal/dcraw common.cpp`. This issue could allow a remote attacker to execute code or cause a denial of service. The vulnerability is related to a buffer overflow in memory, which can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a service disruption. Recommendations: For versions prior to 0.18.3, update to version 0.18.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `xtrans interpolate` function in `internal/dcraw common.cpp` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** JasPer versions 1.900.8 through 2.0.16 **Description** The issue allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted image, related to the `jas image ishomosamp` function in libjasper/base/jas image.c. **Recommendations** As a temporary workaround, consider disabling the `jas image ishomosamp` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.