Cory Duplantis

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced SystemCare Ultimate version 14.2.0.220 **Description** An information disclosure issue exists due to the way the driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver, potentially resulting in sensitive information disclosure from the kernel. The IN instruction can read four bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users. **Recommendations** For IOBit Advanced SystemCare Ultimate version 14.2.0.220, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced SystemCare Ultimate version 14.2.0.220 **Description** An information disclosure issue exists due to the way the driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver, potentially resulting in sensitive information disclosure from the kernel. The IN instruction can read data from the given I/O device, potentially leaking sensitive device data to unprivileged users. **Recommendations** For IOBit Advanced SystemCare Ultimate version 14.2.0.220, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced SystemCare Ultimate version 14.2.0.220 **Description** An information disclosure issue exists in the way the driver handles Privileged I/O read requests. A specially crafted I/O request packet (IRP) can lead to privileged reads in the context of a driver, resulting in sensitive information disclosure from the kernel. The `IN` instruction can read two bytes from the given I/O device, potentially leaking sensitive device data to unprivileged users. **Recommendations** For IOBit Advanced SystemCare Ultimate version 14.2.0.220, consider disabling the driver's handling of Privileged I/O read requests as a temporary workaround until a patch is available. Restrict access to sensitive device data to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced SystemCare Ultimate version 14.2.0.220 **Description** An information disclosure issue exists in the handling of IOCTL 0x9c40a148. A specially crafted I/O request packet (IRP) can lead to a disclosure of sensitive information. An attacker can send a malicious IRP to trigger this issue. **Recommendations** For IOBit Advanced SystemCare Ultimate version 14.2.0.220, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced SystemCare Ultimate version 14.2.0.220 **Description** A privilege escalation issue exists in the handling of IOCTL 0x9c406144. This can be triggered by a specially crafted I/O request packet (IRP), leading to increased privileges. An attacker can exploit this by sending a malicious IRP. **Recommendations** For IOBit Advanced SystemCare Ultimate version 14.2.0.220, consider restricting access to the IOCTL 0x9c406144 handling until a patch is available. As a temporary workaround, avoid using the vulnerable IOCTL handling to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced SystemCare Ultimate version 14.2.0.220 **Description** A privilege escalation issue exists in the way the driver handles Privileged I/O write requests. During the IOCTL 0x9c40a0e0 operation, the first dword passed in the input buffer specifies the device port to write to, and the dword at offset 4 is the value to write via the OUT instruction. A local attacker can send a malicious IRP to trigger this issue. **Recommendations** For IOBit Advanced SystemCare Ultimate version 14.2.0.220, consider disabling the vulnerable driver until a patch is available to prevent exploitation. Restrict access to the IOCTL 0x9c40a0e0 operation to minimize the risk of privilege escalation. Avoid using the device port and value write functionality via the OUT instruction in the affected driver until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced SystemCare Ultimate version 14.2.0.220 **Description** A privilege escalation issue exists due to the way the driver handles Privileged I/O write requests. Specifically, during the `IOCTL 0x9c40a0dc` operation, the first dword in the input buffer specifies the device port to write to, and the word at offset 4 is the value to write via the `OUT` instruction. This allows writing one byte to the given I/O device port, potentially leading to escalated privileges for unprivileged users. A local attacker can exploit this by sending a malicious IRP. **Recommendations** For IOBit Advanced SystemCare Ultimate version 14.2.0.220, consider restricting access to the IOCTL 0x9c40a0dc operation until a patch is available. As a temporary workaround, disabling the driver's handling of Privileged I/O write requests may mitigate the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IOBit Advanced SystemCare Ultimate version 14.2.0.220 **Description** A privilege escalation issue exists in the way the driver handles Privileged I/O write requests. During the `IOCTL 0x9c40a0d8` operation, the first dword passed in the input buffer specifies the device port to write to, and the byte at offset 4 is the value to write via the `OUT` instruction. This `OUT` instruction can write one byte to the given I/O device port, potentially leading to escalated privileges of unprivileged users. **Recommendations** For IOBit Advanced SystemCare Ultimate version 14.2.0.220, consider disabling the vulnerable driver handling Privileged I/O write requests until a patch is available. Restrict access to the IOCTL 0x9c40a0d8 operation to minimize the risk of exploitation. Avoid using the `OUT` instruction in the affected driver until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Intel Raid Web Console 3 Description: The issue is caused by insufficient input validation, which may allow a remote attacker to cause a denial of service. Recommendations: For Intel Raid Web Console 3, consider restricting network access to the console as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LEADTOOLS version 20.0.2019.3.15 **Description** A heap out of bounds write issue exists in the UI tag parsing functionality of the DICOM image format. This can be triggered by a specially crafted DICOM image, potentially allowing code execution. An attacker can exploit this by crafting a DICOM image to cause an offset beyond the bounds of a heap allocation to be written. **Recommendations** For LEADTOOLS version 20.0.2019.3.15, consider avoiding the use of specially crafted DICOM images until a fix is available. As a temporary workaround, restrict the processing of DICOM images from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LEADTOOLS version 20 **Description** An integer overflow vulnerability exists in the BMP header parsing functionality. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this issue. **Recommendations** For LEADTOOLS version 20, update to a version that includes a fix for the integer overflow vulnerability in the BMP header parsing functionality.

**Name of the Vulnerable Software and Affected Versions** NitroPDF (affected versions not specified) **Description** The issue is related to a Use After Free vulnerability in the CharProcs parsing functionality. It can be triggered by a specially crafted PDF, causing a type confusion that results in a Use After Free. An attacker can exploit this by crafting a malicious PDF. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Aspose.PDF for C++ version 19.2 **Description** A Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this issue. **Recommendations** For Aspose.PDF for C++ version 19.2, consider avoiding the processing of untrusted PDF files until a fix is available. As a temporary workaround, restrict the use of FunctionType 0 PDF elements to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SDL2 image version 2.0.4 **Description** A code execution issue exists in the XPM image rendering function. A specially crafted XPM image can cause an integer overflow in the `colorhash` function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this issue. **Recommendations** For version 2.0.4, consider disabling the XPM image rendering function until a patch is available. Restrict access to the `colorhash` function to minimize the risk of exploitation. Avoid using the XPM image format in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sqlite3 versions 3.26.0 through 3.27.x **Description** The issue is related to an error in the window function of the SQLite database management system. Exploitation of this issue can allow a remote attacker to cause a denial of service. A specially crafted SQL command can trigger a use after free vulnerability, potentially resulting in remote code execution. The problem is caused by an error in the implementation of window functions, starting from the SQLite 3.26 branch. **Recommendations** For versions 3.26.0 through 3.27.x, update to version 3.28 or later to resolve the issue. As a temporary workaround, consider restricting the execution of SQL commands from untrusted sources to minimize the risk of exploitation. Avoid using the window function functionality in SQL commands until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** R version 3.3.0 **Description** A buffer overflow issue exists in the LoadEncoding functionality. This can be triggered by a specially crafted R script, causing a buffer overflow that results in memory corruption. An attacker can exploit this by sending a malicious R script. **Recommendations** For R version 3.3.0, consider disabling the LoadEncoding functionality as a temporary workaround until a patch is available. Restrict access to executing R scripts from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Redis versions 3.2.x prior to 3.2.4 **Description** A buffer overflow in Redis causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the `client-output-buffer-limit` option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. **Recommendations** For Redis versions 3.2.x prior to 3.2.4, update to version 3.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CONFIG SET command to minimize the risk of exploitation. Avoid using the `client-output-buffer-limit` option in the CONFIG SET command until the issue is resolved.