Chijinz

**Name of the Vulnerable Software and Affected Versions** Redis versions 5.0.7 **Description** The issue is related to a segmentation fault in the redis-server component of Redis, which can lead to a denial of service (DOS). This can be exploited by a remote attacker to cause a service disruption. The vendor has noted that they cannot reproduce this issue in released versions, such as 5.0.7. **Recommendations** For Redis version 5.0.7, consider applying configuration changes to minimize the risk of exploitation, such as restricting access to the redis-server component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to an array index error in the `tinyexr::SaveEXR` component of the OpenEXR Tinyexr library for image processing. This error can be exploited by a remote attacker to cause a denial of service (DOS). **Recommendations** For version 0.9.5, consider disabling the `tinyexr::SaveEXR` component until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to an array index error in the `tinyexr::DecodeEXRImage` component of the tinyexr library for image processing. This error can be exploited by a remote attacker to cause a denial of service. **Recommendations** For tinyexr version 0.9.5, consider disabling the `tinyexr::DecodeEXRImage` component until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to an assertion failure in the DecodePixelData function within tinyexr.h. **Recommendations** For tinyexr version 0.9.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to a segmentation fault in the `wav2Decode` function. **Recommendations** For tinyexr version 0.9.5, consider avoiding the use of the `wav2Decode` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to a heap-based buffer over-read in the `LoadEXRImageFromMemory` function located in `tinyexr.h`. **Recommendations** For tinyexr version 0.9.5, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to an assertion failure in the ComputeChannelLayout function located in tinyexr.h. **Recommendations** For tinyexr version 0.9.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to a heap-based buffer over-read in the `tinyexr::DecodePixelData` function, located in `tinyexr.h`, and is connected to OpenEXR code. **Recommendations** For tinyexr version 0.9.5, consider avoiding the use of the `tinyexr::DecodePixelData` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tinyexr version 0.9.5 **Description** The issue is related to a memory leak in the `ParseEXRHeaderFromMemory` function located in `tinyexr.h`. **Recommendations** For tinyexr version 0.9.5, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: libjpeg version 9c Description: The issue is related to the `read pixel` function in `rdtarga.c` of the libjpeg library, which mishandles EOF, leading to a large loop. This is due to resource management errors. Exploitation of this issue may allow a remote attacker to cause a denial of service. Recommendations: For libjpeg version 9c, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** md4c version 0.2.5 **Description** The issue arises from a heap-based buffer over-read in the `md is link reference definition helper` function within md4c. This occurs due to `md is link label` mishandling loop termination, leading to improper handling of data and resulting in a buffer over-read. **Recommendations** For md4c version 0.2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** md4c version 0.2.5 **Description** The issue is caused by a heap-based buffer over-read due to an off-by-one error in the `md is named entity contents` function. **Recommendations** For md4c version 0.2.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** md4c version 0.2.5 **Description** The issue is related to a heap-based buffer overflow in the `md merge lines` function. This overflow occurs because the `md is link label` function mishandles link labels composed solely of backslash escapes. **Recommendations** For md4c version 0.2.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** md4c versions prior to 0.2.5 **Description** The issue is caused by a heap-based buffer overflow in the md split simple pairing mark function, which mishandles splits. **Recommendations** For versions prior to 0.2.5, update to version 0.2.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** PDFGen versions prior to 2018-04-09 **Description** The issue is related to a heap-based buffer over-read in the `jpeg size` function within `pdfgen.c` in PDFGen. **Recommendations** For versions prior to 2018-04-09, update to a version released after 2018-04-09 to resolve the issue.