Breakingbad6

**Name of the Vulnerable Software and Affected Versions** libtheora (affected versions not specified) **Description** A heap-based out-of-bounds read flaw exists in libtheora's AVI (Audio Video Interleave) parser, specifically within the `avi parse input file()` function. A local attacker could exploit this by crafting a malicious AVI file with a truncated header sub-chunk. This could result in a denial-of-service (application crash) or potential information leakage from the heap. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libexif versions through 0.6.25 **Description** The software contains a flaw in decoding MakerNotes. Specifically, an integer underflow occurs within the `exif mnote data get value` function when it receives a size of 0, leading to a buffer overwrite. **Recommendations** Update to a version of libexif newer than 0.6.25.