Alejandra Sánchez

**Name of the Vulnerable Software and Affected Versions** Pidgin version 2.13.0 **Description** A denial of service issue allows local attackers to crash the application by providing an excessively long username string during account creation. By inputting a buffer of 1000 characters in the `username` field, an attacker can trigger a crash when joining a chat, rendering the application unavailable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Terminal Services Manager version 3.2.1 **Description** A local buffer overflow occurs when an excessively long string is provided in the computer name field. An attacker can input a 5000-byte data buffer into the 'Computer name or IP address' field during the process of adding a computer, leading to a denial of service when the server entry is accessed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NetAware version 1.20 **Description** NetAware version 1.20 includes a buffer overflow issue in the Share Name field. Local attackers can exploit this to crash the application by providing a string that is too long. Specifically, attackers can cause a denial of service by inputting a 1000-byte buffer into the `Share Name` parameter when adding a new share through the Manage Shares interface. **Recommendations** Apply a fix that limits the length of the `Share Name` parameter to prevent excessively long strings from being processed.

**Name of the Vulnerable Software and Affected Versions** NetAware version 1.20 **Description** NetAware version 1.20 includes a buffer overflow issue within the User Blocking feature. Local attackers can cause the application to crash by providing input exceeding the expected size. Specifically, pasting a malicious buffer of 512 bytes into the 'Add a website or keyword to be filtered' field and then attempting to remove the created block triggers the crash. The vulnerable feature allows attackers to disrupt the application's functionality. **Recommendations** Apply a fix or update to address the buffer overflow in the User Blocking feature. As a temporary workaround, avoid adding excessively long input to the 'Add a website or keyword to be filtered' field.

**Name of the Vulnerable Software and Affected Versions** BlueStacks version 4.80.0.1060 **Description** A denial of service issue allows local attackers to crash the application by submitting oversized input to the search field. This is achieved by pasting a buffer of 100,000 'A' characters into the search field and triggering a search operation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VeryPDF PCL Converter version 2.7 **Description** A denial of service issue allows local attackers to crash the application by providing an excessively long password string. A buffer overflow occurs when a 3000-byte password is entered into the PDF Security encryption fields, leading to an application crash during the processing of PCL files. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Encrypt PDF version 2.3 **Description** A buffer overflow allows local attackers to crash the application by inputting excessively long strings into password fields. Specifically, pasting a 1000-byte buffer into the `User Password` or `Master Password` fields within the Settings dialog triggers the crash during the PDF file import process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sandboxie version 5.30 **Description** Sandboxie version 5.30 is subject to a denial of service condition. Local attackers can cause the application to crash by providing an overly long string within the Program Alerts configuration field. Specifically, pasting a buffer of approximately 5000 characters into the 'Select or enter a program' field during program alert configuration can trigger an application crash. The vulnerable configuration field is associated with program alert settings. **Recommendations** Update to a newer version of Sandboxie that addresses this issue.

Name of the Vulnerable Software and Affected Versions CEWE PHOTO SHOW version 6.4.3 Description CEWE PHOTO SHOW 6.4.3 has a denial of service issue. Attackers can crash the application by sending an excessively long buffer to the password field. Specifically, pasting a large string of repeated characters into the password input during the upload process triggers an application crash. Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, limit the length of the input accepted by the password field.

Name of the Vulnerable Software and Affected Versions CEWE PHOTO IMPORTER version 6.4.3 Description CEWE PHOTO IMPORTER version 6.4.3 contains a denial of service issue that allows local attackers to crash the application by importing a specially crafted image file. Attackers can create a malformed JPG file with an oversized buffer and trigger the crash through the import functionality during the image processing workflow. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tomabo MP4 Converter version 3.25.22 **Description** A denial of service issue allows local attackers to crash the application by providing an excessively long string in the `Name` parameter when adding a preset in the Video/Audio Formats options. This triggers a buffer overflow, which is a condition where a program writes more data to a block of memory than it can hold, causing the application to fail when the Reset All button is clicked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TwistedBrush Pro Studio version 24.06 **Description** The software contains a denial of service issue in the Script Recorder component. Local attackers can cause the application to crash by providing an excessively large buffer. Specifically, attackers can paste a malicious string containing 500,000 characters into the Description field within the Script Recorder dialog, leading to an application crash. **Recommendations** Avoid pasting excessively large strings, specifically those containing 500,000 characters or more, into the Description field of the Script Recorder dialog.

**Name of the Vulnerable Software and Affected Versions** TwistedBrush Pro Studio version 24.06 **Description** The software contains a denial of service issue in the Resize Image function. Local attackers can cause the application to crash by providing an excessively long buffer. Specifically, pasting a malicious string into the `New Width` or `New Height` field triggers a buffer overflow, leading to application failure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TwistedBrush Pro Studio version 24.06 **Description** A denial of service issue exists in TwistedBrush Pro Studio 24.06 that allows local attackers to crash the application. This is achieved by importing a specially crafted, malformed .srp script file. Attackers can create a .srp file with an excessively large buffer and import it via the Script Player interface, leading to an application crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Selfie Studio version 2.17 **Description** A denial of service issue exists in the `Resize Image()` function. Local attackers can crash the application by providing an excessively long buffer. This is achieved by pasting a large string of characters into the `New Width` or `New Height` fields, triggering a buffer overflow, which is a condition where a program writes more data to a block of memory than it can hold, causing the application to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SpotPaltalk version 1.1.5 **Description** A denial of service issue exists in the registration code input field. Local attackers can cause the application to crash by submitting an excessively long string. Specifically, pasting a buffer of 1000 characters into the `Name/Key` field during registration and clicking the OK button triggers the crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lyric Video Creator version 2.1 **Description** A denial of service issue allows attackers to crash the application by processing malformed MP3 files. This is achieved by creating a crafted MP3 file with an oversized buffer and opening it through the 'Browse song' functionality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Lyric Maker version 2.0.1.0 **Description** A buffer overflow occurs when a local attacker provides an excessively long string in the Title field. By pasting a 5000-byte buffer into the Title input field and saving the file, a denial of service condition is triggered, causing the application to crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jetAudio version 8.1.7 **Description** The software has a buffer overflow issue in the video converter component. Local attackers can cause the application to crash by providing an oversized string in the File Naming field. Specifically, attackers can paste a malicious buffer of 512 bytes into the `File Naming` parameter and trigger the crash by clicking the Preview button, resulting in a denial of service. **Recommendations** Update to a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PCHelpWareV2 version 1.0.0.5 **Description** The software contains a denial of service issue that allows local attackers to crash the application by providing a malformed image file. Attackers can trigger the issue through the `Create SC` feature by selecting a crafted BMP file with an oversized buffer, causing the application to crash. The vulnerable function is `Create SC`. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid using the `Create SC` feature with untrusted BMP files.