A Member

**Name of the Vulnerable Software and Affected Versions** OpenPLC version v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58 **Description** A denial of service issue exists in the ModbusTCP server functionality. An attacker can open a series of TCP connections to exhaust the server and prevent it from processing further Modbus requests. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the BMPv3 Image Decoding functionality. Loading a specially crafted .bmp file can cause an integer overflow when calculating the stride for decoding, leading to a heap-based buffer overflow during image decoding and potentially resulting in remote code execution. An attacker needs to convince the library to read a malicious file to trigger this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the PSD Image Decoding functionality. Loading a crafted .psd file can cause an integer overflow when calculating the stride for decoding, leading to a heap-based buffer overflow and potential remote code execution. An attacker needs to convince the library to read a malicious file to trigger this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the PSD RLE Decoding functionality. Decompressing image data from a crafted .psd file can lead to a heap-based buffer overflow, potentially allowing for remote code execution. An attacker needs to make the library read a malicious file to trigger this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the BMPv3 RLE Decoding functionality. A heap-based buffer overflow can occur when decompressing image data from a specially crafted .bmp file, potentially leading to remote code execution. An attacker needs to convince the library to read a malicious file to trigger this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the WebP Image Decoding functionality. Loading a specially crafted .webp animation can cause an integer overflow when calculating the stride for decoding, leading to a heap-based buffer overflow during image decoding and potentially resulting in remote code execution. An attacker needs to convince the library to read a malicious file to trigger this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library. Decoding image data from a crafted .tga file can lead to a heap-based buffer overflow, potentially allowing for remote code execution. An attacker needs to provide a file for the library to read to trigger this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the PCX Image Decoding functionality of the library. Decoding image data from a crafted .pcx file can lead to a heap-based buffer overflow, potentially allowing for remote code execution. An attacker needs to provide a file for the library to read to trigger this issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SAIL Image Decoding Library version 0.9.8 Description: A memory corruption issue exists in the BMPv3 Palette Decoding functionality. Loading a specially crafted .bmp file can cause an integer overflow, leading to a heap-based buffer overflow when reading the palette. This can allow for remote code execution if an attacker convinces the library to read a malicious file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bloomberg Comdb2 version 8.1 **Description** A null pointer dereference vulnerability exists in the net connectmsg Protocol Buffer Message functionality. Receiving specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bloomberg Comdb2 version 8.1 **Description** A null pointer dereference issue exists in the CDB2SQLQUERY protocol buffer message handling. A specially crafted protocol buffer message can lead to a denial of service. An attacker can connect to a database instance over TCP and send the crafted message to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bloomberg Comdb2 version 8.1 **Description** A null pointer dereference issue exists in the Distributed Transaction component when processing fields used for coordination. Sending a specially crafted protocol buffer message can lead to a denial of service. An attacker can connect to a database instance over TCP and send the crafted message to trigger this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bloomberg Comdb2 version 8.1 **Description** A denial of service issue exists in the Distributed Transaction Commit/Abort Operation functionality. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bloomberg Comdb2 version 8.1 **Description** A denial of service issue exists in the Bloomberg Comdb2 database when processing a distributed transaction heartbeat. Sending a specially crafted protocol buffer message to a database instance over TCP can lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** catdoc version 0.95 **Description** An integer overflow issue exists in the OLE Document File Allocation Table Parser functionality. This can be triggered by a specially crafted malformed file, leading to heap-based memory corruption. An attacker can exploit this by providing a malicious file. **Recommendations** For catdoc version 0.95, consider avoiding the use of the OLE Document File Allocation Table Parser functionality with untrusted files until a patch is available. As a temporary workaround, restrict the processing of malformed files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** xls2csv utility version 0.95 **Description** A memory corruption issue exists in the Shared String Table Record Parser implementation. This can be triggered by a specially crafted malformed file, leading to a heap buffer overflow. An attacker can exploit this by providing a malicious file. **Recommendations** For xls2csv utility version 0.95, consider avoiding the use of the Shared String Table Record Parser until a patch is available. As a temporary workaround, restrict the processing of untrusted or malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** catdoc version 0.95 **Description** An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. **Recommendations** For catdoc version 0.95, consider avoiding the use of the OLE Document DIFAT Parser functionality until a patch is available. As a temporary workaround, restrict the processing of malformed files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Miniaudio version 0.11.21 **Description** The issue is related to an out-of-bounds write vulnerability in the `ma dr flac decode samples lpc` functionality. It can be triggered by a specially crafted .flac file, leading to memory corruption. An attacker can exploit this by providing a malicious file. **Recommendations** For Miniaudio version 0.11.21, consider avoiding the use of the `ma dr flac decode samples lpc` functionality until a patch is available. Restrict access to processing .flac files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GNOME Project G Structured File Library (libgsf) version 1.14.52 Description: An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow that allows for a heap-based buffer overflow when processing the sector allocation table. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Recommendations: For version 1.14.52 of the GNOME Project G Structured File Library (libgsf), consider disabling the Compound Document Binary File format parser until a patch is available. Restrict access to files in the Compound Document Format to minimize the risk of exploitation. Avoid using the library to process untrusted files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GNOME Project G Structured File Library (libgsf) version v1.14.52 Description: An integer overflow vulnerability exists in the Compound Document Binary File format parser of the GNOME Project G Structured File Library (libgsf). A specially crafted file can result in an integer overflow when processing the directory from the file, allowing for an out-of-bounds index to be used when reading and writing to an array. This can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. Recommendations: For GNOME Project G Structured File Library (libgsf) version v1.14.52, update to a version that fixes the integer overflow vulnerability in the Compound Document Binary File format parser. At the moment, there is no information about a newer version that contains a fix for this vulnerability.