0Xdd96

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0647fb3 **Description** A heap-buffer overflow issue was discovered in the tinyexr component, specifically via the rleUncompress function. **Recommendations** For tinyexr version 0647fb3, consider disabling the rleUncompress function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libjpeg (affected versions not specified) **Description** The issue is related to an infinite loop in the libjpeg component, specifically via the JPEG::ReadInternal component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.4.4608 **Description** A heap use-after-free issue was discovered via `bit copy chain`. This issue may potentially be exploited. **Recommendations** For LibreDWG version 0.12.4.4608, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** The issue allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input. This is due to a problem in the AP4 SgpdAtom::AP4 SgpdAtom() function. **Recommendations** For Bento4 version 1.6.0-639, consider disabling the AP4 SgpdAtom::AP4 SgpdAtom() function as a temporary workaround until a patch is available. Restrict the processing of crafted mp4 inputs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Open Asset Import Library (Assimp) versions prior to the version containing the fix for the segmentation violation in Assimp::XFileImporter::CreateMeshes() **Description** The issue is related to a segmentation violation in the Assimp::XFileImporter::CreateMeshes() function of the Open Asset Import Library (Assimp). This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with the component Assimp::XFileImporter::CreateMeshes. **Recommendations** For Open Asset Import Library (Assimp) versions prior to the version containing the fix, consider disabling the `Assimp::XFileImporter::CreateMeshes()` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ffjpeg (affected versions not specified) **Description** The issue is related to an integer overflow vulnerability in the `bmp load()` function in `bmp.c`, which can lead to a heap overflow in `jfif encode()` in `jfif.c`. This vulnerability is a result of an incomplete patch for a previous issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VirusTotal YARA (affected versions not specified) **Description** A Buffer Overflow issue exists in VirusTotal YARA, specifically via `yr set configuration` in `yara/libyara/libyara.c`, which could cause a Denial of Service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a lack of boundary check in the parseSWF DEFINELOSSLESS2 function, located in util/parser.c, which could lead to denial-of-service attacks via a crafted SWF file. **Recommendations** For libming version 0.4.8, consider applying a patch or fix that adds a boundary check to the parseSWF DEFINELOSSLESS2 function to prevent denial-of-service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** A memory exhaustion issue exists in the function `cws2fws` in `util/main.c`, allowing remote attackers to launch denial of service attacks by submitting a crafted SWF file. **Recommendations** For libming version 0.4.8, consider restricting the submission of SWF files or limiting the resources available to the `cws2fws` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev232-gfcaa01ebb-master **Description** The issue is related to a stack overflow when processing ISOM IOD, which can be exploited to cause a denial of service. It is also described as a buffer overflow vulnerability in the ISOM IOD component of the GPAC multimedia platform. **Recommendations** For GPAC version 2.1-DEV-rev232-gfcaa01ebb-master, as a temporary workaround, consider disabling the processing of ISOM IOD to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 1.1.0 **Description** A Null Pointer Dereference issue exists via the `xtra box write` function in `/box code base.c`, causing a Denial of Service. **Recommendations** For GPAC version 1.1.0, apply the fix from commit 71f9871 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev87-g053aae8-master **Description** The issue is related to a failed assertion in the `BS ReadByte()` function located in `utils/bitstream.c`, which causes a Denial of Service. **Recommendations** For GPAC version 2.1-DEV-rev87-g053aae8-master, apply the fix from commit 9ea93a2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.1-DEV-rev87-g053aae8-master **Description** The issue is related to a Null Pointer Dereference vulnerability in the `gf isom parse movie boxes internal` function due to improper return value handling of `GF SKIP BOX`, causing a Denial of Service. **Recommendations** For GPAC version 2.1-DEV-rev87-g053aae8-master, update to a version that includes the fix from commit 37592ad to resolve the issue.