Bear.Xiong

**Name of the Vulnerable Software and Affected Versions** PDFParser (affected versions not specified) **Description** The issue concerns a stack-based buffer overflow in the ObjReader::ReadObj() function, located in ObjReader.cpp. This can be triggered by a remote attacker using a crafted pdf file, potentially leading to a denial of service or the execution of arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VCFtools version 0.1.15 Description: The issue is related to a heap-based buffer over-read in the `header::add INFO descriptor` function, which can lead to information disclosure. This can be exploited by remote attackers using a crafted vcf file. The vulnerability is associated with reading data beyond the buffer boundaries, allowing unauthorized access to protected information. Recommendations: For VCFtools version 0.1.15, consider disabling the `header::add INFO descriptor` function as a temporary workaround until a patch is available. Restrict access to the `header.cpp` file to minimize the risk of exploitation. Avoid using crafted vcf files that may trigger the buffer over-read issue until the vulnerability is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VCFtools version 0.1.15 Description: The issue is related to the `header::add INFO descriptor` function in VCFtools, which is associated with a use-after-free error. This can be exploited by a remote attacker using a specially crafted vcf file, potentially leading to a denial of service or other unspecified impacts. Recommendations: For VCFtools version 0.1.15, consider avoiding the use of the `header::add INFO descriptor` function until a patch is available. As a temporary workaround, restrict the processing of crafted vcf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: VCFtools version 0.1.15 Description: The issue is related to the `header::add FORMAT descriptor` function in `header.cpp`, which allows remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted vcf file. This is due to a use-after-free error, where memory is accessed after it has been freed. Recommendations: For VCFtools version 0.1.15, at the moment, there is no information about a newer version that contains a fix for this vulnerability.