Deng Yi

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.6 **Description** The issue allows remote attackers to cause a denial of service, leading to an assertion failure and application exit, via a crafted TIFF file. This is due to a problem in the TIFFWriteDirectoryTagCheckedRational function in tif dirwrite.c. **Recommendations** For LibTIFF version 4.0.6, consider avoiding the use of the TIFFWriteDirectoryTagCheckedRational function until a patch is available. As a temporary workaround, restrict the processing of crafted TIFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libxml2 version 2.9.4 **Description** The issue is related to the `htmlParseTryOrFinish` function in `HTMLparser.c` in libxml2, which allows attackers to cause a denial of service (buffer over-read) or information disclosure. This is due to a buffer over-read issue, enabling a remote attacker to access confidential data and cause a denial of service. **Recommendations** For libxml2 version 2.9.4, consider disabling the `htmlParseTryOrFinish` function as a temporary workaround until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.