Fish

**Name of the Vulnerable Software and Affected Versions** GNU Recutils version 1.8 **Description** An issue was discovered in GNU Recutils. There is a NULL pointer dereference in the function `rec field set name()` in the file rec-field.c in librec.a. **Recommendations** For GNU Recutils version 1.8, consider avoiding the use of the `rec field set name()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Recutils version 1.8 **Description** A memory leak issue was found in the `rec buf new` function in `rec-buf.c` when called from `rec parse rset` in `rec-parser.c` within `librec.a`. **Recommendations** For GNU Recutils version 1.8, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GNU Recutils version 1.8 **Description** A memory leak was found in the `rec aggregate reg new` function in `rec-aggregate.c` within `librec.a`. **Recommendations** For GNU Recutils version 1.8, consider updating to a newer version that addresses the memory leak issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Recutils version 1.8 **Description** An issue was discovered in GNU Recutils. There is a NULL pointer dereference in the function rec fex size() in the file rec-fex.c of librec.a. **Recommendations** For GNU Recutils version 1.8, consider avoiding the use of the rec fex size() function until a patch is available. As a temporary workaround, restrict access to the librec.a library to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Recutils version 1.8 **Description** An issue was discovered in the function `rec mset elem destroy()` in the file rec-mset.c, which has a double-free problem. **Recommendations** For GNU Recutils version 1.8, consider avoiding the use of the `rec mset elem destroy()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Recutils version 1.8 **Description** A memory leak issue was found in the rec extract type function within rec-utils.c in librec.a. **Recommendations** For GNU Recutils version 1.8, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.27-RC3 **Description** A heap-based buffer over-read issue exists in the `encodeJp2Header` function of `jp2image.cpp`. This can be triggered by a crafted input, potentially leading to a remote denial of service attack. **Recommendations** For Exiv2 version 0.27-RC3, consider applying a patch or fix that addresses the heap-based buffer over-read issue in the `encodeJp2Header` function to prevent remote denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.27-RC3 **Description** The issue is related to a buffer overflow in the tiffimage int.cpp component of the Exiv2 library, which can lead to a remote denial of service attack when a crafted input is processed. This can cause a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups. **Recommendations** For Exiv2 version 0.27-RC3, consider disabling the `findPrimaryGroups` function in `tiffimage int.cpp` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.27-RC3 **Description** The issue is related to an infinite loop in the `encodeJp2Header` function of `jp2image.cpp`. A crafted input can cause a remote denial of service attack. **Recommendations** For Exiv2 version 0.27-RC3, consider disabling the `encodeJp2Header` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Exiv2 versions 0.27-RC3 **Description** A heap-based buffer over-read issue exists in the Exiv2::tEXtToDataBuf function of pngimage.cpp. This can be exploited by a crafted input, leading to a remote denial of service attack. **Recommendations** For Exiv2 version 0.27-RC3, consider applying a patch or fix that addresses the heap-based buffer over-read issue in the Exiv2::tEXtToDataBuf function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF version 1.14.0 **Description** The issue allows remote attackers to cause a denial of service through recursive calls followed by a crash from excessive stack consumption via a crafted svg file. This is demonstrated by mupdf-gl. **Recommendations** For Artifex MuPDF version 1.14.0, consider updating to a newer version that contains a fix for this issue, as using a crafted svg file can lead to a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF version 1.14.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted svg file. This is due to a NULL pointer dereference in the `svg run image` function. **Recommendations** For Artifex MuPDF version 1.14.0, consider avoiding the use of crafted svg files until a patch is available. As a temporary workaround, restrict the processing of svg files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF version 1.14.0 **Description** The issue is related to an out-of-bounds read in the `fz run t3 glyph` function located in `fitz/font.c`. This has been demonstrated using the `mutool` utility. **Recommendations** For Artifex MuPDF version 1.14.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.00 **Description** The issue allows remote attackers to cause a denial of service via a crafted pdf file. This is due to a NULL pointer dereference in the `DCTStream::decodeImage` function in Stream.cc. **Recommendations** For Xpdf version 4.00, consider disabling the `DCTStream::decodeImage` function as a temporary workaround until a patch is available. Restrict access to crafted pdf files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.00 **Description** The issue allows remote attackers to cause a denial of service, specifically a heap-based buffer over-read, via a crafted pdf file. This is demonstrated by the use of pdftoppm, which exploits the `CCITTFaxStream::readRow()` function in Stream.cc. **Recommendations** For Xpdf version 4.00, consider disabling the `CCITTFaxStream::readRow()` function in Stream.cc as a temporary workaround until a patch is available. Restrict access to handling crafted pdf files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.00 **Description** The issue allows remote attackers to cause a denial of service via a crafted pdf file. This can be achieved by exploiting the GfxImageColorMap class in GfxState.cc. A demonstration of this exploit is possible using pdftoppm. **Recommendations** For Xpdf version 4.00, consider updating to a newer version that contains a fix for this issue, as the current version allows for a heap-based buffer over-read. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.00 **Description** The issue allows remote attackers to cause a denial of service via a crafted pdf file. This is due to a stack-based buffer over-read in the function Object::isName() in Object.h, which is called from Gfx::opSetFillColorN. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For Xpdf version 4.00, consider disabling the Object::isName() function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.00 **Description** The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, via a crafted pdf file. This is demonstrated by the use of pdftoppm, which interacts with the vulnerable function. **Recommendations** For Xpdf version 4.00, consider disabling the DCTStream::readScan function in Stream.cc as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.00 **Description** The issue allows remote attackers to cause a denial of service via a crafted pdf file. This is due to a NULL pointer dereference in the `DCTStream::getBlock` function in Stream.cc. **Recommendations** For Xpdf version 4.00, consider avoiding the use of the `DCTStream::getBlock` function until a patch is available. As a temporary workaround, restrict the processing of crafted pdf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoundTouch version 2.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and application exit. This can be demonstrated using SoundStretch. **Recommendations** For SoundTouch version 2.0, consider applying a patch or fix to prevent the assertion failure and application exit caused by the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.