4N0Nym4U5

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions (affected versions not specified) **Description** A critical issue exists in the Microsoft Windows Graphics Component, specifically within the `windowscodecs.dll` library. This flaw is an untrusted pointer dereference that allows a remote, unauthorized attacker to execute arbitrary code on a vulnerable system. The issue can be triggered by a specially crafted JPEG image, which can be embedded within documents like Microsoft Office files or even sent as an email attachment. The vulnerability does not require user interaction in some cases. Exploitation involves techniques like heap spraying and Return-Oriented Programming (ROP) chains. Control Flow Guard (CFG) is disabled by default for the 32-bit version of `windowscodecs.dll`, while the 64-bit version requires a CFG bypass for successful exploitation. The vulnerability affects any application that utilizes the Windows Graphics library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libsndfile versions prior to 1.2.3 Description: The issue is related to an out-of-bounds read in the `ogg vorbis.c` component of the libsndfile library, specifically in the `vorbis analysis wrote()` function. This could potentially allow an attacker to execute arbitrary code on the target system. Recommendations: For libsndfile versions prior to 1.2.3, consider updating to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `vorbis analysis wrote()` function in `ogg vorbis.c` until a patch is available.

Name of the Vulnerable Software and Affected Versions: libsndfile versions 1.2.2 and earlier Description: The issue is related to a reachable assertion in the `mpeg l3 encode.c` file, specifically in the `mpeg l3 encoder close` function, which may lead to application exit. Recommendations: For libsndfile versions 1.2.2 and earlier, consider disabling the `mpeg l3 encoder close` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: TinyXML2 versions prior to 10.0.1 Description: The issue is related to a reachable assertion for UINT MAX/16 in tinyxml2.cpp, specifically in the XMLUtil::GetCharacterRef() function. This may lead to an application exit. Recommendations: For versions prior to 10.0.1, update to version 10.0.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: TinyXML2 versions prior to 10.0.1 Description: The issue is related to a reachable assertion for UINT MAX/digit in tinyxml2.cpp, specifically in the XMLUtil::GetCharacterRef() function. This may lead to an application exit. Recommendations: For versions prior to 10.0.1, update to version 10.0.1 or later to resolve the issue.