Frédéric Basse

**Name of the Vulnerable Software and Affected Versions** DirectFB version 1.4.13 **Description** The issue is related to multiple integer signedness errors in the Dispatch Write function, which can be triggered via the Voodoo interface. This can lead to a denial of service (crash) and potentially allow the execution of arbitrary code due to a stack-based buffer overflow. **Recommendations** For DirectFB version 1.4.13, consider applying a patch or fix that addresses the integer signedness errors in the Dispatch Write function to prevent potential exploitation. As a temporary workaround, restrict access to the Voodoo interface to minimize the risk of a denial of service or arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** DirectFB version 1.4.4 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write in the Dispatch Write function in proxy/dispatcher/idirectfbsurface dispatcher.c. **Recommendations** For DirectFB version 1.4.4, consider disabling the Voodoo interface as a temporary workaround until a patch is available. Restrict access to the Dispatch Write function in proxy/dispatcher/idirectfbsurface dispatcher.c to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LemonLDAP::NG versions prior to 1.2.3 **Description** The issue allows remote attackers to bypass intended access-control restrictions via crafted SAML data, due to the lack of signature-verification capability of the Lasso library. **Recommendations** For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue.