Biniam

**Name of the Vulnerable Software and Affected Versions** warmcat libwebsockets versions prior to 4.5.9 **Description** A flaw in the SSH Protocol Handler component allows for remote resource consumption. The issue exists within the `lws ssh parse plaintext()` function located in the `plugins/protocol lws ssh base/sshd.c` file. An attacker can trigger this by manipulating the `msg len` argument. **Recommendations** Apply patch 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498 to remediate the issue.

A security flaw has been discovered in janet-lang janet up to 1.41.0. This affects the function doframe of the file src/core/debug.c. Performing a manipulation results in out-of-bounds read. Attacking locally is a requirement. The exploit has been released to the public and may be used for attacks. The patch is named ed17dd2c5913a23fb1107251e44a9410a3c30cf5.

A weakness has been identified in janet-lang janet up to 1.41.0. This vulnerability affects the function unmarshal one fiber of the file src/core/marsh.c. Executing a manipulation can lead to integer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d9b1d711ea1fde52ac73a82088b512a3e17bad0d. A patch should be applied to remediate this issue.

**Name of the Vulnerable Software and Affected Versions** Squirrel versions prior to 3.3 **Description** A heap-based buffer overflow occurs in the Cnut File Handler component within the `ReadObject()` function of the `squirrel/sqobject.cpp` file. This issue allows a local attacker to perform a manipulation that leads to the overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Squirrel versions prior to 3.3 **Description** A heap-based buffer overflow occurs in the `SQFunctionProto::Load()` function within the `squirrel/sqobject.cpp` file. This issue allows for local execution to manipulate memory, potentially leading to a crash or arbitrary code execution. A heap-based buffer overflow is a condition where a program writes more data to a heap-allocated memory block than it can hold, overwriting adjacent memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Squirrel versions prior to 3.3 **Description** A stack-based buffer overflow occurs in the `validate format()` function within the `sqstdlib/sqstdstring.cpp` library. This issue allows a local attacker to execute a manipulation that leads to the overflow. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the `validate format()` function.

**Name of the Vulnerable Software and Affected Versions** OSGeo gdal versions prior to 3.13.0RC1 **Description** A heap-based buffer overflow exists in the `SWSDfldsrch()` function within the `frmts/hdf4/hdf-eos/SWapi.c` file. This issue can be triggered through local access by executing a manipulation. **Recommendations** Upgrade to version 3.13.0RC1.

**Name of the Vulnerable Software and Affected Versions** OSGeo gdal versions prior to 3.13.0RC1 **Description** A heap-based buffer overflow exists in the Grid File Handler component. This issue occurs within the `GDSDfldsrch()` function located in the `frmts/hdf4/hdf-eos/GDapi.c` file. Exploitation requires local access to the system. **Recommendations** Upgrade to version 3.13.0RC1.

**Name of the Vulnerable Software and Affected Versions** OSGeo gdal versions prior to 3.13.0RC1 **Description** A heap-based buffer overflow occurs in the `GDnentries()` function within the `frmts/hdf4/hdf-eos/GDapi.c` file. This issue is triggered by manipulating the `DataFieldName` argument and requires the attack to be initiated from a local position. **Recommendations** Upgrade to version 3.13.0RC1.

**Name of the Vulnerable Software and Affected Versions** OSGeo gdal versions prior to 3.13.0RC1 **Description** An issue exists in the HDF-EOS Grid File Handler component within the `memmove()` function of the `frmts/hdf4/hdf-eos/SWapi.c` file. This flaw allows for an out-of-bounds read, which occurs when the system reads data outside the intended boundary of a buffer. This attack is restricted to local execution. **Recommendations** Upgrade to version 3.13.0RC1.

**Name of the Vulnerable Software and Affected Versions** OSGeo gdal versions prior to 3.12.4RC1 **Description** A heap-based buffer overflow occurs in the `SWnentries()` function within the `frmts/hdf4/hdf-eos/SWapi.c` file. This issue is triggered by the manipulation of the `DimensionName` argument and requires local access to be exploited. **Recommendations** Upgrade to version 3.12.4RC1.

**Name of the Vulnerable Software and Affected Versions** OSGeo gdal versions prior to 3.13.0RC1 **Description** A weakness in the `GDfieldinfo()` function within the `frmts/hdf4/hdf-eos/GDapi.c` file can lead to an out-of-bounds read, which occurs when a program reads data past the end of the intended buffer. This issue requires the attack to be launched locally. **Recommendations** Upgrade to version 3.13.0RC1.

**Name of the Vulnerable Software and Affected Versions** AcademySoftwareFoundation OpenImageIO versions prior to 3.2.0.1-dev **Description** An out-of-bounds write issue exists within the DDS Image Handler component, specifically affecting the `src/dds.imageio/ddsinput.cpp` file. This flaw requires local access to be exploited. **Recommendations** Apply patch 94ec2deec3e3bf2f2e2ff84d008e27425d626fe2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF versions prior to 1.28.1 **Description** An out-of-bounds read exists in the CFF Index Handler component within the `fz subset cff for gids()` function of the `subset-cff.c` file. This issue allows for local execution of the attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libvips versions prior to 8.19 **Description** A heap-based buffer overflow exists in the nip2 Handler component within the `im minpos vec()` function of the file libvips/deprecated/vips7compat.c. This issue occurs when the argument `n` is manipulated, allowing for a memory corruption. Exploitation requires local access. **Recommendations** Update to version 8.19 or later to remove the deprecated area containing the vulnerable function.

Name of the Vulnerable Software and Affected Versions LibRaw versions up to 0.22.0 Description A flaw exists in LibRaw up to version 0.22.0 within the `LibRaw::nikon load padded packed raw` function located in the `src/decoders/decoders libraw.cpp` file, related to the TIFF/NEF component. Manipulation of the `load flags`/`raw width` arguments can result in an out-of-bounds read. Remote exploitation is possible. Recommendations Upgrade to version 0.22.1 or later.

Name of the Vulnerable Software and Affected Versions LibRaw versions up to 0.22.0 Description A weakness exists in LibRaw, specifically in the `HuffTable::initval` function within the `src/decompressors/losslessjpeg.cpp` file of the JPEG DHT Parser component. This allows for an out-of-bounds write due to manipulation of the `bits[]` argument. The attack can be initiated remotely and an exploit is publicly available. Recommendations Upgrade to version 0.22.1 or later to address this issue.

**Name of the Vulnerable Software and Affected Versions** libpng versions up to 1.6.55 **Description** A heap-based buffer overflow exists in the `do pnm2png` function within the `pnm2png.c` file of the `pnm2png` component. The issue is triggered by manipulating the `width` and `height` arguments. Exploitation is restricted to local execution, and an exploit has been published. The project was notified of the issue but has not yet responded. **Recommendations** Versions prior to 1.6.55 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** strukturag libheif versions up to 1.21.2 **Description** A flaw exists in strukturag libheif that allows for an out-of-bounds read. The issue resides in the `vvdec push data2` function within the `libheif/plugins/decoder vvdec.cc` file of the HEIF File Parser component. Manipulating the `size` argument can trigger the flaw. The attack requires local access. The exploit has been publicly disclosed. **Recommendations** Implement patch b97c8b5f198b27f375127cd597a35f2113544d03 to correct this issue.