Duc Anh Nguyen

**Name of the Vulnerable Software and Affected Versions** LibreOffice versions 26.2 through 26.2.2 LibreOffice versions 25.8 through 25.8.6 **Description** An out-of-bounds write occurs when processing crafted OOXML documents that contain mismatched encryption salt parameters. An out-of-bounds write is a memory corruption issue where data is written outside the intended boundary of a buffer, potentially leading to crashes or arbitrary code execution. **Recommendations** Update LibreOffice versions 26.2 through 26.2.2 to version 26.2.3. Update LibreOffice versions 25.8 through 25.8.6 to version 25.8.7.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.6.0 through 4.6.4 **Description** A heap overflow exists in the TLS protocol dissector. A remote attacker can exploit this issue by sending malformed packets or malicious capture files, potentially leading to a denial of service or the execution of arbitrary code. In real-world scenarios, attackers may use this to achieve code execution and subsequently pivot laterally across network infrastructure. **Recommendations** Update to version 4.6.5.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 **Description** A crash in the ZigBee protocol dissector allows for a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 **Description** A crash in the RDP protocol dissector allows for denial of service and possible code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 4.6.0 through 4.6.4 Wireshark versions 4.4.0 through 4.4.14 **Description** A crash in the SBC codec can lead to a denial of service and potentially allow for arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.