10Cksyiqiyinhangzhoutechnology

**Name of the Vulnerable Software and Affected Versions** KMPlayer version 4.2.2.73 **Description** A problematic issue has been found in the library SHFOLDER.dll, affecting some unknown processing. The manipulation leads to an uncontrolled search path. This issue requires local attacking to be exploited. **Recommendations** For KMPlayer version 4.2.2.73, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TinyTIFF version 3.0.0.0 **Description** A problematic issue has been found in the File Handler component, specifically in the tinytiffreader.c file, leading to a buffer overflow. This issue requires local attacking to be exploited. The exploit has been disclosed to the public and may be used. **Recommendations** For TinyTIFF version 3.0.0.0, as a temporary workaround, consider restricting access to the tinytiffreader.c file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** syoyo tinydng (affected versions not specified) **Description** A problematic issue has been found, affecting the ` interceptor memcpy` function of the file `tiny dng loader.h`. This leads to a heap-based buffer overflow. Local access is required for an attack. The issue has been publicly disclosed. **Recommendations** Apply a patch to fix this issue.

**Name of the Vulnerable Software and Affected Versions** MP4v2 version 2.1.2 **Description** A problematic issue affects the `DumpTrack` function of the file mp4trackdump.cpp, leading to denial of service. The attack must be approached locally. **Recommendations** For MP4v2 version 2.1.2, consider disabling the `DumpTrack` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** finixbit elf-parser (affected versions not specified) **Description** The issue is related to insufficient input validation in the `elf parser::Elf parser::get segments` function of the `elf parser.cpp` component in the elf-parser program. This can lead to denial of service when exploited. Local access is required for an attack. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** xiaozhuai imageinfo versions up to 3.0.3 **Description** A buffer overflow issue has been found in the imageinfo.hpp file of the xiaozhuai imageinfo library. This issue is related to the copying of a buffer without checking the size of the input data. The manipulation of this issue can lead to a buffer overflow, which requires local access to exploit. The exploit has been disclosed to the public and may be used, potentially allowing an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For xiaozhuai imageinfo versions up to 3.0.3, consider updating to a version later than 3.0.3 to resolve the buffer overflow issue. As a temporary workaround, consider restricting access to the imageinfo.hpp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** vox2png version 1.0 **Description** A critical vulnerability was found in vox2png, affecting an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. **Recommendations** For vox2png version 1.0, as a temporary workaround, consider restricting access to the vulnerable functionality in the vox2png.c file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.