Dr3Dd

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 visionOS versions prior to 26.5 **Description** Processing maliciously crafted web content may lead to an unexpected process crash due to improper memory handling. **Recommendations** Update iOS to version 26.5. Update iPadOS to version 26.5. Update macOS Tahoe to version 26.5. Update visionOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to macOS Tahoe 26.5 **Description** A use-after-free issue, which occurs when a program continues to use a memory address after it has been freed, was addressed with improved memory management. Processing maliciously crafted web content may lead to an unexpected Safari crash. **Recommendations** Update to macOS Tahoe 26.5.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** A use-after-free issue, which occurs when a program continues to use a pointer after it has been freed, was addressed with improved memory management. Processing maliciously crafted web content may lead to an unexpected Safari crash. **Recommendations** Update iOS to version 26.5. Update iPadOS to version 26.5. Update macOS Tahoe to version 26.5. Update tvOS to version 26.5. Update visionOS to version 26.5. Update watchOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** GPAC version 0.8.0 **Description** The issue is related to a heap-based buffer overflow in the `gf m2ts section complete` function in `media tools/mpegts.c`, which can cause a denial of service (DOS) via a crafted MP4 file. This can be exploited by a remote attacker to disrupt service. **Recommendations** For GPAC version 0.8.0, consider disabling the `gf m2ts section complete` function in `media tools/mpegts.c` as a temporary workaround to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 0.8 **Description** The issue is related to the gf dash segmenter probe input function in the MP4Box command, which allows attackers to cause a denial of service due to a NULL pointer dereference. This can be achieved by using a crafted file. The exploitation of this issue enables a remote attacker to disrupt service. **Recommendations** For GPAC version 0.8, consider disabling the gf dash segmenter probe input function as a temporary workaround until a patch is available. Restrict access to the MP4Box command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.