Chingggo

**Name of the Vulnerable Software and Affected Versions** Radare2 version v5.7.0 **Description** The issue is related to a heap buffer overflow via the `consume encoded name new` function in the `format/wasm/wasm.c` file. This allows attackers to cause a Denial of Service (DoS) via a crafted binary file. **Recommendations** For Radare2 version v5.7.0, consider disabling the `consume encoded name new` function as a temporary workaround until a patch is available. Restrict access to crafted binary files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.7.2 **Description** The issue is related to a NULL pointer dereference via the function `r bin file xtr load buffer` at `bin/bfile.c`. This allows attackers to cause a Denial of Service (DOS) via a crafted binary file. **Recommendations** For Radare2 version 5.7.2, as a temporary workaround, consider disabling the `r bin file xtr load buffer` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QPDF version v8.4.2 **Description** The issue is related to a heap buffer overflow via the function `QPDF::processXRefStream`. This allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. The vulnerability is associated with the lack of resource release after its valid period of exploitation. **Recommendations** For QPDF version v8.4.2, consider disabling the `QPDF::processXRefStream` function until a patch is available to prevent potential Denial of Service (DoS) attacks via crafted PDF files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.