Fstark-Prog

**Name of the Vulnerable Software and Affected Versions** jhead version 3.04 **Description** The issue allows local attackers to execute arbitrary code and cause a denial of service (DoS) due to a Buffer Overflow vulnerability in the jpgfile.c file. **Recommendations** For version 3.04, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** JHEAD versions 3.04 and earlier **Description** The issue is related to a heap-buffer-overflow in the `ReadJpegSections` function, located at `jpgfile.c:285`. This can be triggered by crafted jpeg images, potentially causing a program crash or incorrect exif information retrieval. **Recommendations** For JHEAD version 3.04 and earlier, users are advised to upgrade to a newer version to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libass versions prior to 0.15.0 Description: The issue is related to a stack overflow in the `parse tag` function in `libass/ass parse.c`. This allows remote attackers to cause a denial of service or potentially execute remote code via a crafted file. Recommendations: For versions prior to 0.15.0, update to version 0.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to files that could be used to exploit this issue until a patch is applied.