Cole Dilorenzo

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to commit bf814 **Description** The issue is related to an out of bounds read via the `dist->alphabet size` variable in the `read vlc prefix()` function. **Recommendations** For versions prior to commit bf814, consider applying a patch that fixes the out of bounds read issue in the `read vlc prefix()` function. As a temporary workaround, consider restricting access to the `read vlc prefix()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.0.2068 **Description** The issue is caused by a heap-use-after-free in memory allocated in the function `ga grow inner` and an integer overflow when using the `:history` command. This can potentially lead to a denial of service. The vulnerability is related to the `ga grow inner` function in the file `src/alloc.c` and the `do cmdline` function in the file `src/ex docmd.c`. The `:history` command can cause an integer overflow, potentially leading to a use-after-free. **Recommendations** For versions prior to 9.0.2068, update to version 9.0.2068 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `:history` command until a patch is available. Restrict access to the vulnerable function `ga grow inner` to minimize the risk of exploitation.