Frokaikan

**Name of the Vulnerable Software and Affected Versions** FreeType (affected versions not specified) **Description** The issue is related to a heap buffer overflow via the `sfnt init face` function. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The problem was identified in a specific commit of the FreeType library. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** JSON++ versions prior to 2016-06-15 **Description** The issue is related to a buffer over-read in the `yyparse()` function, located in `json.y`. **Recommendations** For JSON++ versions prior to 2016-06-15, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** wernsey/bitmap versions prior to 2018-08-18 **Description** The issue allows a NULL pointer dereference via a 4-bit image. **Recommendations** For versions prior to 2018-08-18, update to a version released after 2018-08-18 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ffjpeg versions prior to 2018-08-22 **Description** The issue allows remote attackers to cause a denial of service via a progressive JPEG file that lacks an AC Huffman table, resulting in an FPE signal. **Recommendations** For versions prior to 2018-08-22, update to a version released after 2018-08-22 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** catimg version 2.4.0 **Description** A heap-based buffer overflow issue exists in the `stbi bmp load cont` function within `stb image.h`. **Recommendations** For catimg version 2.4.0, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict the use of the `stbi bmp load cont` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Gravity versions prior to 0.5.1 **Description** The issue is related to the lack of support for a maximum recursion depth. **Recommendations** For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue.