David Hoyt

**Name of the Vulnerable Software and Affected Versions** International Color Consortium DemoIccMAX versions prior to 85ce74e **Description** A logic flaw exists in the `CIccTagXmlProfileSequenceId::ParseXml` function within `IccTagXml.cpp`, causing it to unconditionally return false. This issue is related to the `IccXML/IccLibXML` component. **Recommendations** For International Color Consortium DemoIccMAX versions prior to 85ce74e, update to a version after 85ce74e to resolve the issue. As a temporary workaround, consider restricting the use of the `CIccTagXmlProfileSequenceId::ParseXml` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libIccProfLib2 version 2.1.15 International Color Consortium DemoIccMAX version 79ecb74 **Description** The issue is related to a NULL pointer dereference in the `CIccXformMatrixTRC::GetCurve` method within the `IccCmm.cpp` file. This occurs when processing a maliciously crafted input. The `GetCurve` method is part of the `CIccXformMatrixTRC` class. No information is provided about the estimated number of potentially affected devices or real-world incidents. **Recommendations** For libIccProfLib2 version 2.1.15, consider disabling the `CIccXformMatrixTRC::GetCurve` method until a patch is available. For International Color Consortium DemoIccMAX version 79ecb74, restrict access to the `IccCmm.cpp` file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libIccXML.a version 79ecb74 libIccProfLib2 version 2.1.15 **Description** There is a stack-based buffer overflow in the `icFixXml` function in IccXML/IccLibXML/IccUtilXml.cpp. This issue can be exploited by processing a maliciously crafted ICC Color Profile or TIFF image, leading to arbitrary code execution. **Recommendations** For libIccXML.a version 79ecb74, consider disabling the `icFixXml` function until a patch is available. For libIccProfLib2 version 2.1.15, consider disabling the `icFixXml` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** International Color Consortium DemoIccMAX version 79ecb74 libIccProfLib2 version 2.1.15 **Description** There is an out-of-bounds read in the `CIccPRMG::GetChroma` function in `IccProfLib/IccPrmg.cpp` in `libSampleICC.a`. This issue can be triggered by processing a maliciously crafted ICC Color Profile. **Recommendations** For International Color Consortium DemoIccMAX version 79ecb74, consider disabling the `CIccPRMG::GetChroma` function until a patch is available. For libIccProfLib2 version 2.1.15, restrict the use of the `CIccPRMG::GetChroma` function in `IccProfLib/IccPrmg.cpp` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.7.9 macOS versions prior to 12.6.8 macOS versions prior to 13.5 **Description** The issue is related to an out-of-bounds read in the sips component of macOS, which can be exploited by a remote attacker to cause a denial-of-service or potentially disclose memory contents. This is due to insufficient input validation, allowing an operation to exceed memory buffer boundaries. **Recommendations** For macOS versions prior to 11.7.9, update to macOS Big Sur 11.7.9 to resolve the issue. For macOS versions prior to 12.6.8, update to macOS Monterey 12.6.8 to resolve the issue. For macOS versions prior to 13.5, update to macOS Ventura 13.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Ventura 13 **Description** A memory corruption issue existed in the processing of ICC profiles, which was addressed with improved input validation. Processing a maliciously crafted image may lead to arbitrary code execution. **Recommendations** For versions prior to macOS Ventura 13, update to macOS Ventura 13 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SmarterStats version 11.3.6347 **Description** The issue concerns a stored cross-site scripting problem. It occurs when the Referer Field of HTTP logfiles is rendered from the URL /Data/Reports/ReferringURLsWithQueries, allowing for potential malicious script execution. **Recommendations** For version 11.3.6347, consider disabling access to the /Data/Reports/ReferringURLsWithQueries endpoint until a fix is available to prevent exploitation of the stored cross-site scripting issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X Server versions prior to 3.2.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For Apple OS X Server versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X Server versions prior to 2.2.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Wiki Server component. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML, potentially leading to security breaches. However, specific details about the vectors used for the attack are not provided. **Recommendations** For versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue.