Gjduck

**Name of the Vulnerable Software and Affected Versions** GNU Midnight Commander version 4.8.29-146-g299d9a2fb **Description** A NULL pointer dereference was discovered via the function `x error handler()` at `tty/x11conn.c`. This issue is disputed as it may be categorized as a usability problem, where an X operation silently fails. **Recommendations** For GNU Midnight Commander version 4.8.29-146-g299d9a2fb, consider disabling the `x error handler()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LLVM version 15.0.0 **Description** The issue is related to a NULL pointer dereference in the `parseOneMetadata()` function. This can be triggered via a crafted `pdflatex.fmt` file or possibly a crafted `.o` file to `llvm-lto`. However, the relationship between `pdflatex.fmt` and any LLVM language front end is not clearly explained, and some consider a crash of the `llvm-lto` application to be a usability problem rather than a security issue. **Recommendations** For LLVM version 15.0.0, as a temporary workaround, consider disabling the `parseOneMetadata()` function until a patch is available. Restrict access to crafted files that could trigger this issue to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MiniZinc versions prior to 2.8.0 **Description** The issue allows a NULL pointer dereference via `ti expr` in a crafted .mzn file. This is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of attacker-controlled .mzn files. **Recommendations** For versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted .mzn files to minimize the risk of exploitation. Avoid using the `ti expr` function with untrusted input until the issue is resolved.