Yuriy M. Kaminskiy

**Name of the Vulnerable Software and Affected Versions** imlib2 versions prior to 1.4.9 **Description** The issue is caused by an off-by-one error in the ` imlib MergeUpdate` function, allowing remote attackers to cause a denial of service through crafted coordinates, resulting in an out-of-bounds read and application crash. **Recommendations** For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue. As a temporary workaround, consider restricting the input of coordinates to prevent crafted values from being processed by the ` imlib MergeUpdate` function.

**Name of the Vulnerable Software and Affected Versions** imlib2 versions prior to 1.4.9 **Description** The issue is caused by an integer overflow in the imlib2 graphic library on 32-bit platforms, which can lead to an out-of-bounds heap memory write operation. This can be exploited by a remote attacker using a specially crafted large image to execute arbitrary code. **Recommendations** For versions prior to 1.4.9, update to version 1.4.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of large images to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Squid versions prior to 3.5.16 Squid versions 4.x prior to 4.0.8 **Description** The issue is related to a heap-based buffer overflow in the `Icmp6::Recv` function, which can be triggered by remote servers sending a specially crafted ICMPv6 packet. This can lead to performance degradation, transition failures, or the writing of sensitive information to log files. **Recommendations** For Squid versions prior to 3.5.16, update to version 3.5.16 or later. For Squid versions 4.x prior to 4.0.8, update to version 4.0.8 or later.

**Name of the Vulnerable Software and Affected Versions** Squid versions 2.x, 3.x before 3.5.17, and 4.x before 4.0.9 **Description** A buffer overflow issue exists in the cachemgr.cgi component, potentially allowing remote attackers to cause a denial of service or execute arbitrary code by providing crafted data to seed manager reports. **Recommendations** For Squid versions 2.x, update to a version outside of this range to mitigate the issue. For Squid versions 3.x before 3.5.17, update to version 3.5.17 or later. For Squid versions 4.x before 4.0.9, update to version 4.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** Squid versions 3.x through 3.5.17 Squid versions 4.x through 4.0.9 **Description** The issue is related to multiple stack-based buffer overflows that can be triggered by crafted Edge Side Includes (ESI) responses from remote HTTP servers. This can lead to a denial of service or potentially allow the execution of arbitrary code. **Recommendations** For Squid versions 3.x through 3.5.17, update to version 3.5.17 or later. For Squid versions 4.x through 4.0.9, update to version 4.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** Squid versions 3.x through 3.5.17 Squid versions 4.x through 4.0.9 **Description** A buffer overflow issue allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses. **Recommendations** For Squid versions 3.x through 3.5.17, update to version 3.5.17 or later. For Squid versions 4.x through 4.0.9, update to version 4.0.9 or later.