Dimitrios Tatsis

**Name of the Vulnerable Software and Affected Versions** MediaArea MediaInfoLib (affected versions not specified) **Description** A heap buffer overflow occurs during the parsing of ID3v2 tags. A heap buffer overflow is a memory corruption issue that happens when a program writes more data to a heap-allocated memory block than it can hold. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaArea MediaInfoLib (affected versions not specified) **Description** A heap-based buffer overflow occurs during the parsing of LXF files. A heap overflow is a memory corruption issue that happens when a program writes more data to a heap-allocated memory block than it can hold. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaArea MediaInfoLib (affected versions not specified) **Description** A heap-based buffer overflow occurs during the parsing of LXF elements. A heap-based buffer overflow is a memory corruption issue that happens when an application writes more data to a heap-allocated buffer than it can hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MediaArea MediaInfoLib (affected versions not specified) **Description** A heap-based buffer overflow occurs during channel splitting. A heap-based buffer overflow is a condition where a program writes more data to a heap-allocated memory block than it can hold, potentially leading to crashes or arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA CUDA Toolkit (affected versions not specified) **Description** The NVIDIA CUDA Toolkit contains a flaw within the `nvdisasm` binary. A user can trigger an out-of-bounds read condition by providing a specially crafted ELF file to the `nvdisasm` tool. Successful exploitation of this issue could result in a partial denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA CUDA Toolkit (affected versions not specified) **Description** The NVIDIA CUDA Toolkit contains an issue in the `nvdisasm` component. A user could trigger an out-of-bounds write by running `nvdisasm` on a specially crafted ELF file. Exploitation may result in a denial of service. The vulnerable component is `nvdisasm`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA CUDA Toolkit (affected versions not specified) **Description** The NVIDIA CUDA Toolkit contains an issue in the `cuobjdump` utility. An attacker can trigger a stack-based buffer overflow by causing a user to run `cuobjdump` on a specially crafted malicious ELF file. Successful exploitation of this issue may lead to arbitrary code execution with the privileges of the user running `cuobjdump`. The vulnerability is related to out-of-bounds memory access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA CUDA Toolkit (affected versions not specified) **Description** The NVIDIA CUDA Toolkit contains an issue within the `nvdisasm` binary. A user can potentially trigger an out-of-bounds read by providing a specially crafted ELF file to `nvdisasm`. Successful exploitation may result in a partial denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA CUDA Toolkit (affected versions not specified) **Description** The NVIDIA CUDA Toolkit contains a flaw within the `cuobjdump` binary. This issue stems from a failure to validate the length of a buffer when processing an ELF file. Exploitation involves providing a specially crafted, malformed ELF file, which could lead to arbitrary code execution. The `cuobjdump` tool may crash or execute unintended code due to this insufficient buffer length check. The vulnerability allows control over a buffer and its offset, potentially enabling arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA nvJPEG2000 library (affected versions not specified) **Description** The NVIDIA nvJPEG2000 library contains a vulnerability that allows an attacker to cause an out-of-bounds write issue by using a specially crafted JPEG2000 file. A successful exploit of this issue might lead to code execution and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenFOAM version 2506 **Description** A flaw exists in the Code Stream directive functionality that could allow for arbitrary code execution. A malicious OpenFOAM simulation file can trigger this issue, potentially allowing an attacker to execute code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA nvJPEG2000 library (affected versions not specified) **Description** The NVIDIA nvJPEG2000 library contains a vulnerability that allows an attacker to cause an out-of-bounds write issue by means of a specially crafted JPEG2000 file. A successful exploit of this issue might lead to code execution and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA nvJPEG2000 library (affected versions not specified) **Description** The NVIDIA nvJPEG2000 library contains a vulnerability that can cause a heap-based buffer overflow issue when processing a specially crafted JPEG2000 file. This could lead to code execution and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA nvJPEG2000 library (affected versions not specified) **Description** The NVIDIA nvJPEG2000 library contains a vulnerability that allows an attacker to cause a buffer overflow issue using a specially crafted JPEG2000 file. A successful exploit of this issue might lead to data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tinyproxy versions 1.10.0 through 1.11.1 **Description** A use-after-free vulnerability exists in the HTTP Connection Headers parsing in Tinyproxy. This vulnerability can be triggered by a specially crafted HTTP header, leading to memory corruption and potentially allowing remote code execution. An attacker can exploit this issue by making an unauthenticated HTTP request. It is estimated that over 50,000 Tinyproxy instances are exposed to this vulnerability, with nearly 52,000 internet-exposed instances at risk. **Recommendations** For Tinyproxy versions 1.10.0 through 1.11.1, update to version 1.11.2 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the vulnerable HTTP Connection Headers parsing function until a patch is available. Avoid using the affected Tinyproxy versions in production environments, especially those exposed to the public internet, until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** libdicom version 1.0.5 **Description** A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing of memory that is used later. The vulnerability occurs in the `parse meta sequence end()` function while parsing the Sequence Value Representations. An attacker would need to induce the vulnerable application to process a malicious DICOM image to exploit this issue. **Recommendations** For libdicom version 1.0.5, consider disabling the `parse meta sequence end()` function until a patch is available to prevent exploitation. Restrict access to processing DICOM images from untrusted sources to minimize the risk of triggering this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libdicom version 1.0.5 **Description** A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing of memory that is used later. The vulnerability occurs in the `parse meta element create()` function while parsing elements in the File Meta Information header. An attacker would need to induce the vulnerable application to process a malicious DICOM image to exploit this vulnerability. **Recommendations** For libdicom version 1.0.5, consider disabling the `parse meta element create()` function until a patch is available to prevent exploitation. Restrict access to processing DICOM files from untrusted sources to minimize the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPSd version 3.25.1~dev **Description** An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this issue. **Recommendations** For GPSd version 3.25.1~dev, consider disabling the NTRIP Stream Parsing functionality until a patch is available. Restrict access to the affected parsing module to minimize the risk of exploitation. Avoid using the vulnerable functionality in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server (affected versions not specified) **Description** The issue is caused by a buffer overflow in the memory of the DCERPC protocol implementation in VMware vCenter Server. This can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. A malicious actor with network access to vCenter Server can trigger memory corruption by sending a specially crafted packet, leading to an out-of-bounds write. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VMware vCenter Server (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the implementation of the DCERPC protocol. This vulnerability can be exploited by a malicious actor with network access to execute arbitrary code on the underlying operating system that hosts the server. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.