Christian Wressnegger

**Name of the Vulnerable Software and Affected Versions** libarchive versions prior to 3.2.1 **Description** The issue is related to an integer overflow in the ISO9660 writer, which can be triggered by verifying filename lengths when writing an ISO9660 archive. This can lead to a buffer overflow, causing a denial of service or potentially allowing remote attackers to execute arbitrary code. **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ISO9660 writer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Pidgin versions prior to 2.10.8 **Description** The issue allows a remote attacker to cause a denial of service by manipulating OIM XML headers or via crafted SOAP responses, OIM XML responses, or Content-Length headers, leading to a NULL pointer dereference and crash. **Recommendations** For versions prior to 2.10.8, update to version 2.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to MSN protocol functionality until the update is applied.