Gustavo Grieco

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 102 **Description** The issue arises from the ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP, which could result in the parser accepting malformed ASN.1. **Recommendations** For versions prior to 102, update to version 102 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13 iCloud for Windows versions prior to 7.0 watchOS versions prior to 4 iOS versions prior to 11 iTunes for Windows versions prior to 12.7 **Description** A null pointer dereference issue was addressed with improved validation. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution. **Recommendations** For macOS High Sierra, update to version 10.13 or later. For iCloud for Windows, update to version 7.0 or later. For watchOS, update to version 4 or later. For iOS, update to version 11 or later. For iTunes for Windows, update to version 12.7 or later.

**Name of the Vulnerable Software and Affected Versions** Webkit version 2.4.11 **Description** The issue allows remote attackers to cause a denial of service, specifically memory consumption, by exploiting the regex code. This can be achieved by using a large number of `(` and `$` characters followed by `{-2,16}` and a large number of `+` characters. **Recommendations** For Webkit version 2.4.11, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mplayer (affected versions not specified) **Description** The issue is related to an integer overflow in the demuxer function, specifically in the libmpdemux/demux gif.c component of Mplayer. This overflow can be triggered by remote attackers who provide a gif file with large dimensions, leading to a denial of service (crash). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e **Description** The issue is related to an integer overflow in the `js regcomp` function in `regexp.c`, which allows attackers to cause a denial of service, resulting in an application crash. This can be achieved by providing a crafted regular expression. **Recommendations** For MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e, update to a version that includes the fix for the integer overflow in the `js regcomp` function.

**Name of the Vulnerable Software and Affected Versions** WebKit (affected versions not specified) **Description** The issue allows attackers to cause a denial of service via a crafted Javascript file, specifically through an out-of-bounds heap read in JavaScriptCore. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libavformat version 57.34.103 **Description** The issue allows remote attackers to cause a denial of service, specifically an out-of-bounds read, by using a crafted mp3 file. This is related to the avcodec decode audio4 function in libavcodec. **Recommendations** For libavformat version 57.34.103, consider updating to a newer version that contains a fix for this issue to prevent out-of-bounds read attacks. As a temporary workaround, restrict the use of the avcodec decode audio4 function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Artifex Software MuJS (affected versions not specified) **Description** The issue allows attackers to cause a denial of service, resulting in a crash, through vectors related to incomplete escape sequences. This problem exists due to an incomplete fix for a previous issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 50 **Description** The issue is related to an integer overflow that occurs during the parsing of XML using the Expat library. **Recommendations** For versions prior to 50, update to version 50 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JasPer versions prior to 1.900.5 **Description** The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, by using a crafted BMP image in an imginfo command. This is due to a problem in the `bmp getdata` function. **Recommendations** For versions prior to 1.900.5, update to version 1.900.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `bmp getdata` function until a patch is available. Avoid using the imginfo command with untrusted BMP images until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.24 **Description** A buffer overflow issue exists in the MVG and SVG rendering code, potentially allowing remote attackers to have an unspecified impact. This issue is a result of an incomplete patch. **Recommendations** For GraphicsMagick version 1.3.24, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick versions prior to 1.3.25 **Description** A heap-based buffer overflow issue exists in the EscapeParenthesis function, allowing remote attackers to have an unspecified impact. The exact vectors used for the attack are unknown. **Recommendations** For versions prior to 1.3.25, update to version 1.3.25 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** JasPer version 1.900.17 **Description** A double free issue in the `jasper image stop load` function allows remote attackers to cause a denial of service, resulting in a crash, by providing a crafted JPEG 2000 image file. **Recommendations** For JasPer version 1.900.17, consider avoiding the use of the `jasper image stop load` function until a patch is available. As a temporary workaround, restrict the processing of JPEG 2000 image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GD Graphics Library (aka libgd) versions prior to 2.2.3 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file. This is due to a problem in the gd tga.c file. **Recommendations** For versions prior to 2.2.3, update to version 2.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.18 **Description** The issue allows remote attackers to cause a denial of service due to uninitialized memory access. This is achieved through a crafted GIF file that exploits the DecodeImage function in coders/gif.c. **Recommendations** For GraphicsMagick version 1.3.18, consider avoiding the use of the DecodeImage function until a patch is available. As a temporary workaround, restrict the processing of GIF files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Expat (affected versions not specified) **Description** The issue allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. This can be exploited by a remote attacker using a specially crafted document. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jansson versions 2.7 and earlier **Description** The issue allows context-dependent attackers to cause a denial of service through crafted JSON data, leading to deep recursion, stack consumption, and a crash. **Recommendations** For Jansson versions 2.7 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Xerces C++ versions 3.1.3 and earlier **Description** A use-after-free issue exists in the validators/DTD/DTDScanner.cpp component, allowing context-dependent attackers to have an unspecified impact by including an invalid character in an XML document. **Recommendations** For Apache Xerces C++ versions 3.1.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Xerces-C versions prior to 3.1.3 **Description** The issue is related to multiple buffer overflows in the XML Parser library, specifically in the internal/XMLReader.cpp, util/XMLURL.cpp, and util/XMLUri.cpp files. This can be exploited by remote attackers using a crafted document, potentially leading to a denial of service, such as a segmentation fault or memory corruption, or possibly allowing the execution of arbitrary code. **Recommendations** For Apache Xerces-C versions prior to 3.1.3, update to version 3.1.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XML Parser library until a patch is applied. Avoid processing crafted documents from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 44.0 **Description** The issue is related to an integer overflow in the image-deinterlacing functionality, which can be triggered by a crafted GIF image. This can cause a denial of service, resulting in memory consumption or an application crash. **Recommendations** For versions prior to 44.0, update to version 44.0 or later to resolve the issue.