Concoctionsec

**Name of the Vulnerable Software and Affected Versions** assimp version 5.1.4 **Description** A use after free issue occurred in the `ColladaParser::ExtractDataObjectFromChannel` function, located in the `/code/AssetLib/Collada/ColladaParser.cpp` file. This issue is related to the implementation of the `ColladaParser::ExtractDataObjectFromChannel()` function in the Open Asset Import Library (Assimp), which is a library for importing 3D models. The exploitation of this issue may allow a remote attacker to gain unauthorized access to confidential information. **Recommendations** For assimp version 5.1.4, consider disabling the `ColladaParser::ExtractDataObjectFromChannel()` function as a temporary workaround until a patch is available. Restrict access to the `/code/AssetLib/Collada/ColladaParser.cpp` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ok-file-formats version 203defd **Description** The issue occurs when using the function of the ok-file-formats project, resulting in a heap-buffer-overflow in the `ok png read data()` function located in "/ok png.c". **Recommendations** For version 203defd, consider disabling the `ok png read data()` function until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** ok-file-formats version 203defd **Description** The issue occurs when using the function of the ok-file-formats project, resulting in a heap-buffer-overflow in the `ok png transform scanline()` function located in "/ok png.c:533". **Recommendations** For version 203defd, consider disabling the `ok png transform scanline()` function until a patch is available to prevent the heap-buffer-overflow.

**Name of the Vulnerable Software and Affected Versions** David Brackeen ok-file-formats dev version **Description** The issue is related to a Buffer Overflow vulnerability. When the function of the ok-file-formats project is used, a heap-buffer-overflow occurs in the `ok jpg generate huffman table()` function located in "/ok jpg.c:403". **Recommendations** For the dev version, consider disabling the `ok jpg generate huffman table()` function until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** David Brackeen ok-file-formats version 203defd **Description** The issue is related to a Buffer Overflow, specifically a heap-buffer-overflow, that occurs when using the function of the ok-file-formats project. This overflow happens in the `ok png transform scanline()` function located in the "/ok png.c" file at line 712. **Recommendations** For version 203defd, consider disabling the `ok png transform scanline()` function as a temporary workaround until a patch is available. Restrict access to the `/ok png.c` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** David Brackeen ok-file-formats version 203defd **Description** The issue is related to a Buffer Overflow that can occur via the function `ok png transform scanline()` in the file "/ok png.c:494". This can potentially lead to exploitation. **Recommendations** For version 203defd, consider disabling the `ok png transform scanline()` function as a temporary workaround until a patch is available. Restrict access to the "/ok png.c" file to minimize the risk of exploitation. Avoid using the affected function in sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ok-file-formats version 1 Description: A Heap-based Buffer Overflow issue exists via the `ok jpg generate huffman table` function in `ok jpg.c`. Recommendations: For ok-file-formats version 1, consider disabling the `ok jpg generate huffman table` function until a patch is available. Restrict access to the `ok jpg.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.11-5 **Description** A vulnerability was found in ImageMagick, where executing a crafted file with the `convert` command, ASAN detects memory leaks. The issue is related to incorrect memory deallocation before removing the last reference, which can be exploited by an attacker to cause a denial of service using a specially crafted file. **Recommendations** For ImageMagick version 7.0.11-5, consider updating to a newer version that contains a fix for this issue, as the current version is affected by memory leaks when executing crafted files with the `convert` command. At the moment, there is no information about a newer version that contains a fix for this vulnerability.