Chanstormstout

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.3-DEV-rev449-g5948e4f70-master **Description** The issue is related to a heap-use-after-free vulnerability via the `gf bs align` function at `bitstream.c`. This allows attackers to cause a Denial of Service (DoS) by supplying a crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Yasm version 1.3.0.78 **Description** The issue is related to a NULL Pointer Dereference in the components /libyasm/intnum.c and /elf/elf.c of the Yasm assembler. This allows an attacker to cause a denial of service via a crafted file. The exploitation of this issue can enable a remote attacker to disrupt service. **Recommendations** For Yasm version 1.3.0.78, consider avoiding the use of the affected components /libyasm/intnum.c and /elf/elf.c until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.