Cem Onat Karagun

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 versions prior to 1.22.3 **Description** A NULL pointer dereference occurs when an application calls the `gss accept sec context()` function on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this condition, leading to process termination within the `parse nego message()` function. **Recommendations** Update to version 1.22.3 or later.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 versions prior to 1.22.3 **Description** An integer underflow leads to an out-of-bounds read when an application calls the `gss accept sec context()` function on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this issue, which may cause the process to terminate in `parse message()`. An integer underflow occurs when a subtraction results in a value smaller than the minimum representable value for that data type, often wrapping around to a very large positive number. **Recommendations** Update to version 1.22.3 or later.

**Name of the Vulnerable Software and Affected Versions** ffjpeg versions prior to 01.01.2021 **Description** The issue is a global buffer overflow that could cause a Denial of Service by using a crafted jpeg file. It is similar to a previously known issue. The problem lies in the `jfif encode` function at `ffjpeg/src/jfif.c` (line 708), which is related to the copying of a buffer without checking the size of the input data. This could allow a remote attacker to cause a service disruption. **Recommendations** For versions prior to 01.01.2021, as a temporary workaround, consider disabling the `jfif encode` function until a patch is available. Restrict access to the `jfif.c` module to minimize the risk of exploitation. Avoid using the `jfif encode` function in the affected `ffjpeg` library until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** ffjpeg versions prior to 01.01.2021 **Description** The issue is related to a heap-based buffer overflow in the jfif decode function at ffjpeg/src/jfif.c, which could cause a Denial of Service by using a crafted jpeg file. This can be exploited by a remote attacker to cause a service disruption. The `jfif decode()` function is specifically vulnerable, potentially allowing an attacker to overflow a buffer in memory. **Recommendations** For versions prior to 01.01.2021, as a temporary workaround, consider disabling the `jfif decode()` function until a patch is available. Restrict access to crafted jpeg files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: tsMuxer version 2.6.16 Description: The issue allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file, due to an out-of-bounds read. Recommendations: For tsMuxer version 2.6.16, avoid using crafted files until a patch is available. As a temporary workaround, consider validating all input files to prevent potential exploitation.

Name of the Vulnerable Software and Affected Versions: tsMuxer version 2.6.16 Description: A heap-based buffer overflow issue allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file. Recommendations: For tsMuxer version 2.6.16, at the moment, there is no information about a newer version that contains a fix for this vulnerability.