Glen-Mac

**Name of the Vulnerable Software and Affected Versions** The Sleuth Kit versions 4.0.2 through 4.6.1 **Description** An issue was discovered in the function `tsk UTF16toUTF8` in `tsk/base/tsk unicode.c` which could allow an attacker to disclose information or cause a denial of service attack by manipulating an out-of-bounds read of a memory region. **Recommendations** For versions 4.0.2 through 4.6.1, consider restricting access to the `tsk UTF16toUTF8` function in `tsk/base/tsk unicode.c` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Sleuth Kit (TSK) versions 4.0.2 through 4.6.1 **Description** An issue was discovered in the function `ntfs fix idxrec` in `tsk/fs/ntfs dent.cpp`, which could allow an attacker to disclose information or cause a denial of service due to an out-of-bounds read of a memory region. **Recommendations** For versions 4.0.2 through 4.6.1, consider restricting access to the `ntfs fix idxrec` function in `tsk/fs/ntfs dent.cpp` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Sleuth Kit (TSK) versions 4.0.2 through 4.6.1 **Description** An issue was discovered in the function `ntfs make data run` in `tsk/fs/ntfs.c`, which could allow an attacker to disclose information or cause a denial of service attack by manipulating an out-of-bounds read of a memory region. **Recommendations** For versions 4.0.2 through 4.6.1, consider restricting access to the `ntfs make data run` function in `tsk/fs/ntfs.c` until a patch is available. As a temporary workaround, avoid using the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** The Sleuth Kit versions 4.0.2 through 4.6.1 **Description** An issue was discovered in the function `raw read` in `tsk/img/raw.c`, which could allow an attacker to disclose information or cause a denial of service attack by manipulating an out-of-bounds read of a memory region. **Recommendations** For versions 4.0.2 through 4.6.1, consider restricting access to the `raw read` function in `tsk/img/raw.c` until a patch is available. As a temporary workaround, avoid using the `raw read` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LibSass versions prior to 3.5.5 **Description** A NULL pointer dereference was found in the `Sass::Functions::selector append` function, which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. **Recommendations** For versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `Sass::Functions::selector append` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibSass versions prior to 3.5.5 **Description** A NULL pointer dereference was found in the function Sass::Inspect::operator, which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. **Recommendations** For versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Sass::Inspect::operator function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibSass versions prior to 3.5.5 **Description** An issue was discovered in the function Sass::Prelexer::exactly() that could allow an attacker to disclose information or cause a denial of service due to an out-of-bounds read of a memory region. **Recommendations** For versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Sass::Prelexer::exactly() function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibSass versions prior to 3.5.5 **Description** An issue was discovered in LibSass where an out-of-bounds read of a memory region was found in the function Sass::handle error. This could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory, causing a denial of service. **Recommendations** For versions prior to 3.5.5, update to version 3.5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the Sass::handle error function until a patch is available.