
Yongji Ouyang

#18758 of 53,639
14.3 total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2019-7907
7.8
2019-03-07
Gtk+ · Gdk-Pixbuf · CVE-2017-12447
**Name of the Vulnerable Software and Affected Versions** GdkPixBuf version 2.32.2

**Description** The issue allows attackers to cause a denial of service, potentially leading to stack corruption, or possibly have other unspecified impacts through a crafted file folder.

**Recommendations** For version 2.32.2, update to a newer version that contains a fix for this issue to prevent potential denial of service or other impacts.
PT-2017-10806
6.5
2017-08-09
Curl · Curl · CVE-2017-1000101
**Name of the Vulnerable Software and Affected Versions** curl (affected versions not specified)

**Description** The issue arises from the "globbing" function in curl that parses numerical ranges in URLs. If a user provides a carefully crafted or wrongly written URL, curl may read a byte beyond the end of the URL. This can lead to incorrect behavior instead of crashing, as the URL is stored in a heap-based buffer. An example of a URL that triggers this flaw is `http://ur%20[0-60000000000000000000`.

**Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.