Fantasy

**Name of the Vulnerable Software and Affected Versions** kokke tiny-regex-c versions prior to f2632c6d9ed25272987471cdb8b70395c2460bdb **Description** A flaw in the Pattern Handler component affects the `matchstar()` function within the re.c file. This issue allows for inefficient regular expression complexity, which can be triggered via local execution. **Recommendations** As a temporary workaround, restrict the use of the `matchstar()` function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSC versions prior to 0.26.2 **Description** A buffer overflow occurs in the pkcs11-tool Key Generation Module within the `test kpgen certwrite()` function of the src/tools/pkcs11-tool.c file. This issue allows for remote attacks, although the complexity is high and exploitability is considered difficult. **Recommendations** Apply patch 814f745b3b6d100295f65f1935edd33d520d33ab to resolve the issue. As a temporary workaround, restrict the use of the `test kpgen certwrite()` function.

A weakness has been identified in justdan96 tsMuxer up to 2.7.0. This vulnerability affects the function HevcVpsUnit::setFPS of the file /AFLplusplus/tsMuxer prev/tsMuxer/hevc.cpp. This manipulation of the argument track id causes denial of service. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer.

A security vulnerability has been detected in justdan96 tsMuxer up to 2.7.0. This issue affects the function VvcVpsUnit::setFPS of the file tsMuxer/vvc.cpp. Such manipulation of the argument track id leads to denial of service. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problematic issue has been found, affecting the `isoffin process` function of the `src/filters/isoffin read.c` file in the MP4Box component. This issue leads to an infinite loop. The attack can be launched on the local host. Recommendations: Apply a patch to fix this issue, specifically the patch with identifier 20c0f29139a82779b86453ce7f68d0681ec7624c.

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problematic issue was found, affecting the `swf svg add iso sample` function of the `src/filters/load text.c` file in the MP4Box component. This issue leads to a null pointer dereference and requires local access to exploit. The exploit has been publicly disclosed. Recommendations: For GPAC version 2.5-DEV-rev228-g11067ea92-master, apply the patch identified as 31e499d310a48bd17c8b055a0bfe0fe35887a7cd to fix this issue. As a temporary workaround, consider disabling the `swf svg add iso sample` function until the patch is applied.

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problematic issue has been found, affecting the function `m2tsdmx on event` of the file `src/filters/dmx m2ts.c` of the component MP4Box. The manipulation leads to null pointer dereference. An attack must be approached locally. The exploit has been disclosed to the public and may be used. Recommendations: Apply a patch to fix this issue, specifically the patch named `8767ed0a77c4b02287db3723e92c2169f67c85d5`. As a temporary workaround, consider disabling the `m2tsdmx on event` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: GPAC version 2.5-DEV-rev228-g11067ea92-master Description: A problem was found in the function `xmt node end` of the file `src/scene manager/loader xmt.c` of the component MP4Box. The issue leads to use after free. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Recommendations: To fix this issue, apply the patch f4b3e4d2f91bc1749e7a924a8ab171af03a355a8/c1b9c794bad8f262c56f3cf690567980d96662f5. As a temporary workaround, consider disabling the `xmt node end` function until the patch is applied. Restrict access to the `loader xmt.c` file to minimize the risk of exploitation.