Choongin Lee

**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions 2.4.55 through 2.4.57 **Description** The issue is related to a HTTP/2 connection with an initial window size of 0, which can block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well known "slow loris" attack pattern. The connection can be terminated properly after the configured connection timeout in version 2.4.58. **Recommendations** Apache HTTP Server versions 2.4.55 through 2.4.57: Upgrade to version 2.4.58, which fixes the issue. As a temporary workaround, consider configuring the connection timeout to a lower value to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VIGRA Computer Vision Library version 1.11.1 **Description** The issue is related to a segmentation fault in the `read image band()` function, located in the impex.hxx file. It can be triggered by a crafted file, leading to a denial of service. **Recommendations** For version 1.11.1, consider avoiding the use of the `read image band()` function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation.