
Dongzhuozhao

Researcher from ADlab of Venustech
#15502 of 53,633
17.5 Total CVSS
Vulnerabilities · 2
High
2
PT-2024-5166
10
2024-02-20
Tex Live · Texlive-Bin · CVE-2024-25262
**Name of the Vulnerable Software and Affected Versions** texlive-bin version c515e

**Description** The issue is related to a heap buffer overflow in the `ttfLoadHDMX:ttfdump` function of the texlive-bin component in TeX Live computer typesetting systems. This allows attackers to cause a Denial of Service (DoS) by supplying a crafted TTF file. The vulnerability can be exploited by a remote attacker to disrupt service.

**Recommendations** For texlive-bin version c515e, consider disabling the `ttfLoadHDMX:ttfdump` function as a temporary workaround until a patch is available to prevent potential Denial of Service attacks.
PT-2023-11643
7.5
2023-04-04
Jsish · Jsish · CVE-2020-23258
**Name of the Vulnerable Software and Affected Versions** Jsish version 3.0.11

**Description** An issue in Jsish allows a remote attacker to cause a denial of service via the `Jsi_ValueIsNumber` function in the `./src/jsiValue.c` file.

**Recommendations** For Jsish version 3.0.11, as a temporary workaround, consider disabling the `Jsi_ValueIsNumber` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.