Danisjiang

Name of the Vulnerable Software and Affected Versions: libavif versions prior to 1.3.0 Description: The issue is related to integer overflows in multiplications involving `rgbRowBytes`, `yRowBytes`, `uRowBytes`, and `vRowBytes` in the `avifImageRGBToYUV` function in `reformat.c`. Recommendations: For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: libavif versions prior to 1.3.0 Description: The issue is related to an integer overflow and a resultant buffer overflow in the `makeRoom` function within `stream.c`, specifically affecting `stream->offset+size`. Recommendations: For versions prior to 1.3.0, update to version 1.3.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Llama.cpp versions prior to the version patched in commit b2740 **Description** The issue is related to the use of an uninitialized heap variable in the `gguf init from file` function. This can cause the program to crash, leading to a denial of service (DoS). If the file is carefully constructed, it may be possible to control the uninitialized value, potentially causing arbitrary address free problems and leading to exploitation. This could result in arbitrary code execution (RCE). **Recommendations** For versions prior to the patch in commit b2740, update to a version that includes the patch to resolve the issue. As a temporary workaround, consider restricting the use of the `gguf init from file` function until the patch is applied.