熊文彬

**Name of the Vulnerable Software and Affected Versions** libpff versions through 2018-04-28 **Description** The issue allows remote attackers to cause an information disclosure via a crafted pff file. This is due to a heap-based buffer over-read in the `libpff name to id map entry read` function in `libpff name to id map.c`. The vendor has disputed this issue, as described in libyal/libpff issue 66 on GitHub. **Recommendations** For versions through 2018-04-28, consider disabling the `libpff name to id map entry read` function until a patch is available or apply configuration changes to restrict access to crafted pff files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TagLib version 1.11.1 **Description** The issue is related to a heap-based buffer over-read in the TagLib::Ogg::FLAC::File::scan function, which can be exploited by remote attackers using a crafted audio file, potentially leading to information disclosure. **Recommendations** For TagLib version 1.11.1, consider disabling the `TagLib::Ogg::FLAC::File::scan` function until a patch is available to prevent potential information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.