Yevgeny Pats

**Name of the Vulnerable Software and Affected Versions** Exiv2 versions through 0.27.2 **Description** The issue is related to an out-of-bounds read in the mrwimage.cpp component of the Exiv2 library, which manages media file metadata. This could allow a remote attacker to cause a denial of service. **Recommendations** For Exiv2 versions through 0.27.2, update to a version that contains a fix for this issue to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.4.1 **Description** The issue is related to the `join session keyring` function in the Linux kernel, which mishandles object references in a certain error case. This can be exploited by local users to gain privileges or cause a denial of service, including integer overflow and use-after-free, via crafted `keyctl` commands. The vulnerability allows a local attacker to potentially execute arbitrary code on the target system. **Recommendations** For Linux kernel versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `keyctl` command to minimize the risk of exploitation.