Aug5T7O

**Name of the Vulnerable Software and Affected Versions** tsMuxer version git-2678966 **Description** The issue is caused by an integer overflow in the DTSStreamReader::findFrame() function, which can be exploited by attackers to cause a Denial of Service (DoS) via a crafted file. **Recommendations** For tsMuxer version git-2678966, consider updating to a newer version that contains a fix for this issue, as using a crafted file can cause a Denial of Service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tsMuxer version git-c6a0277 **Description** The issue occurs due to an assertion failure in the BitStreamReader::skipBits function located in the /bitStream.h file at line 132. This failure happens when the condition `num <= INT BIT` is not met. **Recommendations** For tsMuxer version git-c6a0277, as a temporary workaround, consider modifying the `skipBits` function in the `BitStreamReader` class to handle cases where `num` exceeds `INT BIT` to prevent the assertion failure. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tsMuxer git-2678966 **Description** A heap-based buffer overflow was discovered in tsMuxer via the function HevcUnit::updateBits in hevc.cpp. **Recommendations** For tsMuxer git-2678966, consider disabling the HevcUnit::updateBits function in hevc.cpp as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libjxl version v0.5.0 **Description** The issue is related to a problem of assertion failure in the lib/jxl/image.cc file, specifically in the `jxl::PlaneBase::PlaneBase()` function. When encoding a malicious GIF file using cjxl, an attacker can trigger a denial of service. **Recommendations** For libjxl version v0.5.0, consider avoiding the use of the `jxl::PlaneBase::PlaneBase()` function when encoding GIF files until a patch is available. As a temporary workaround, restrict the use of cjxl for encoding GIF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ok-file-formats versions through 2021-04-29 Description: The issue is a heap-based buffer overflow in the `ok csv circular buffer read` function in `ok csv.c`. This occurs due to improper handling of data, leading to potential memory corruption. Recommendations: For versions through 2021-04-29, consider disabling the `ok csv circular buffer read` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.