Asteriska001

**Name of the Vulnerable Software and Affected Versions** json2xml versions through 3.12.0 **Description** The issue allows an error in typecode decoding, enabling a remote attack that can lead to an exception, causing a denial of service. **Recommendations** For versions through 3.12.0, consider updating to a version that fixes the typecode decoding error to prevent remote attacks leading to a denial of service.

**Name of the Vulnerable Software and Affected Versions** Deark version 1.6.2 **Description** The issue is related to a stack overflow in the `do prism read palette()` function, located at `/modules/atari-img.c`. This function is vulnerable to a stack overflow, which can be exploited. **Recommendations** For Deark version 1.6.2, consider disabling the `do prism read palette()` function as a temporary workaround until a patch is available. Restrict access to the `/modules/atari-img.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** pdftojson version 94204bb **Description** The issue is related to a stack overflow in the `Object::copy(Object*):Object.cc` component. This occurs due to a problem in the pdftojson commit 94204bb. **Recommendations** For version 94204bb, consider applying a patch or fix to resolve the stack overflow issue in the `Object::copy(Object*)` function. As a temporary workaround, consider restricting the use of the `Object::copy(Object*)` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** pdftojson version 94204bb **Description** The issue is related to a stack overflow in the `Stream::makeFilter(char*, Stream*, Object*, int)` component. **Recommendations** For pdftojson version 94204bb, consider disabling the `Stream::makeFilter(char*, Stream*, Object*, int)` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Audio File version 004065d **Description** A heap-buffer overflow was discovered in the function `fouBytesToInt()` in `AudioFile.h`. This issue affects the specified commit of the Audio File software. **Recommendations** For Audio File version 004065d, consider restricting access to the `fouBytesToInt()` function until a patch is available. As a temporary workaround, avoid using the `fouBytesToInt()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dropbox Lepton version 1.2.1-185-g2a08b77 **Description** A heap-buffer-overflow was discovered in the function `aligned dealloc()` at `src/lepton/bitops.cc:108`. This issue affects the specified version of Dropbox Lepton. **Recommendations** For Dropbox Lepton version 1.2.1-185-g2a08b77, as a temporary workaround, consider disabling the `aligned dealloc()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** epub2txt (aka epub2txt2) versions 2.02 and earlier **Description** The issue allows a stack-based buffer overflow via a crafted EPUB document. This is due to the `xhtml translate entity` function in `xhtml.c`. **Recommendations** For versions 2.02 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.