Even Rouault

**Name of the Vulnerable Software and Affected Versions** xerces-c++ version 3.2.3 **Description** The issue is caused by an integer overflow in xerces-c++ that allows remote attackers to cause out-of-bound access via an HTTP request. This can potentially allow a remote attacker to execute arbitrary code by sending a specially crafted HTTP request. **Recommendations** For xerces-c++ version 3.2.3, consider updating to a newer version that contains a fix for this issue, as the current version allows remote attackers to cause out-of-bound access via HTTP requests. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF master branch **Description** The issue is related to an out-of-bounds read in the `LZWDecode` function in `libtiff/tif lzw.c:624`, which can be exploited by attackers to cause a denial-of-service via a crafted tiff file. This can be done remotely. **Recommendations** For users that compile libtiff from sources, the fix is available with commit b4e79bfa. As a temporary workaround, consider disabling the `LZWDecode` function until a patch is available. Restrict access to the `libtiff/tif lzw.c` module to minimize the risk of exploitation. Avoid using crafted tiff files in the affected `LZWDecode` function until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: MapServer versions 7.0.0 through 7.0.7 MapServer versions 7.1.x MapServer versions 7.2.x through 7.2.2 MapServer versions 7.3.x MapServer versions 7.4.x through 7.4.4 MapServer versions 7.5.x MapServer versions 7.6.x through 7.6.2 Description: The issue arises from the improper enforcement of MS MAP NO PATH and MS MAP PATTERN restrictions, which are intended to control the locations from which a mapfile may be loaded when using MapServer CGI. Recommendations: For MapServer versions 7.0.0 through 7.0.7, update to version 7.0.8 or later. For MapServer versions 7.1.x, update to version 7.2.3 or later. For MapServer versions 7.2.x through 7.2.2, update to version 7.2.3 or later. For MapServer versions 7.3.x, update to version 7.4.5 or later. For MapServer versions 7.4.x through 7.4.4, update to version 7.4.5 or later. For MapServer versions 7.5.x, update to version 7.6.3 or later. For MapServer versions 7.6.x through 7.6.2, update to version 7.6.3 or later.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions through 4.0.10 **Description** The issue arises from integer overflow checks in the ` TIFFCheckMalloc` and ` TIFFCheckRealloc` functions within `tif aux.c` of the LibTIFF library. This can lead to an application crash. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions through 4.0.10, consider updating to a version that addresses the integer overflow issue in the ` TIFFCheckMalloc` and ` TIFFCheckRealloc` functions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: SQLite versions prior to 3.22.0 Description: The issue is related to a NULL pointer dereference in the SQLite database management system. It occurs when a database's schema is corrupted using a CREATE TABLE AS statement, specifically involving the build.c and prepare.c components. This could potentially allow a remote attacker to cause a denial of service. Recommendations: For SQLite versions prior to 3.22.0, update to version 3.22.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CREATE TABLE AS statement until a patch is available.

Name of the Vulnerable Software and Affected Versions: LibTIFF version 4.0.9 Description: The issue is related to a Null-Pointer Dereference in the TIFFPrintDirectory function, located in the tif print.c file. This can be demonstrated by a crash in the tiffinfo application. Recommendations: For LibTIFF version 4.0.9, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libcurl (affected versions not specified) **Description** The issue arises when libcurl is used to retrieve a file from a file:// URL, and it attempts to provide meta-data about the file using HTTP-like headers. However, the code sends the wrong buffer to the user, which could be either stdout or the application's provided callback. This wrong buffer is an uninitialized memory area allocated on the heap. If this buffer does not contain any zero byte, the code will continue to display the data following that buffer in memory, potentially leading to the inadvertent display of other private data from the heap. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.7 **Description** The issue is caused by a heap buffer overflow in the tools/tiffcp, resulting in potential denial of service (DoS) or code execution. This can be achieved via a crafted `BitsPerSample` value. The exploitation of this issue may allow a remote attacker to cause a denial of service or execute arbitrary code. **Recommendations** For LibTIFF version 4.0.7, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.7 **Description** The issue is caused by an off-by-one error in the `t2p readwrite pdf image tile` function in `tools/tiff2pdf.c`. This error allows remote attackers to have an unspecified impact via a crafted image. **Recommendations** For LibTIFF version 4.0.7, consider disabling the `t2p readwrite pdf image tile` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to assertions in `tif predict.h` and `tif predict.c` that can lead to assertion failures in debug mode or buffer overflows in release mode when handling unusual tile sizes, such as YCbCr with subsampling. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that addresses the buffer overflow issue, as the current version has known problems with handling certain tile sizes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff (affected versions not specified) **Description** The issue is caused by a buffer overflow in the tif luv.c function of the LibTIFF library. This allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff (affected versions not specified) **Description** The issue is related to the `tif luv.c` function in the libtiff library, which can cause a denial of service due to out-of-bounds reads. This can be triggered by a crafted TIFF image, potentially allowing a remote attacker to exploit the issue. The problem is described as a buffer overflow in the `tif luv.c` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF (affected versions not specified) **Description** The issue is related to the NeXTDecode function in the tif next.c file of LibTIFF, which allows remote attackers to cause a denial of service due to an out-of-bounds write. This can be achieved by using a crafted TIFF image. The problem stems from a buffer overflow in the NeXTDecode function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libcurl versions prior to the fixed version **Description** The issue is related to a buffer overflow when using the TFTP protocol with libcurl. When a URL contains a very long file name (longer than about 515 bytes), the file name is truncated, but the buffer size is still updated to use the original length. This causes the `sendto()` function to read beyond the end of the heap-based buffer. A malicious HTTP(S) server could exploit this by redirecting a vulnerable libcurl-using client to a crafted TFTP URL, potentially allowing the server to receive private memory contents over UDP. **Recommendations** For libcurl versions prior to the fixed version: Limit curl's redirect protocols with `--proto-redir` and libcurl's with `CURLOPT REDIR PROTOCOLS` to prevent exploitation. As a temporary workaround, consider restricting the use of the TFTP protocol to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibTIFF versions 3.9.0 through 3.9.2 tiff versions prior to 4.0.2-r1 **Description** The issue is related to the improper handling of invalid ReferenceBlackWhite values in the TIFFYCbCrtoRGB function, which can cause a denial of service (application crash) via a crafted TIFF image. This can be triggered by "downsampled OJPEG input." Additionally, there are multiple vulnerabilities in the tiff package that can lead to breaches of confidentiality, integrity, and availability of protected information, and these can be exploited remotely. **Recommendations** For LibTIFF versions 3.9.0 and 3.9.2, consider updating to a version where the TIFFYCbCrtoRGB function is properly fixed. For tiff versions prior to 4.0.2-r1, update to version 4.0.2-r1 or later to address the multiple vulnerabilities. As a temporary workaround, consider restricting the use of the TIFFYCbCrtoRGB function or avoiding the processing of crafted TIFF images until a patch is available.