Gynvael Coldwind

**Name of the Vulnerable Software and Affected Versions** GNU libmicrohttpd versions prior to 0.9.76 **Description** The issue is related to the improper parsing of a multipart/form-data boundary in the MHD create post processor() method. This can be exploited by an attacker to send a malicious HTTP POST packet, potentially resulting in an out-of-bounds read and a crash in the find boundary() function. The exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For GNU libmicrohttpd versions prior to 0.9.76, update to version 0.9.76 or later to resolve the issue. As a temporary workaround, consider restricting access to the postprocessor.c module or disabling the MHD create post processor() function until a patch is available. Avoid using the `boundary` field in multipart/form-data requests until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Crow versions through 1.0+4 **Description** The issue is related to HTTP applications based on Crow, which may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with a lack of protection for service data. **Recommendations** For Crow versions through 1.0+4, consider updating to a version that fixes this issue, as the current version may reveal sensitive data from stack memory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Crow versions through 1.0+4 **Description** The issue is related to HTTP applications based on Crow, where the use of HTTP pipelining can lead to a Use-After-Free condition, potentially allowing code execution. This occurs because the asynchronous Connection layer is unaware of HTTP pipelining, specifically that it has begun processing a later request before finishing an earlier one. The vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Crow versions through 1.0+4, consider disabling HTTP pipelining as a temporary workaround to minimize the risk of exploitation. Restrict access to the HTTP parser to prevent the use of HTTP pipelining until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problematic vulnerability has been found in FFmpeg, affecting the `decode pulses` function. This issue leads to memory corruption and can be initiated remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `decode pulses` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problem has been found in FFmpeg. It is related to an unknown function in the libavcodec/dxtroy.c file, which leads to an integer coercion error. This issue can be exploited remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this problem. As a temporary workaround, consider restricting access to the affected function in the libavcodec/dxtroy.c file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A critical issue has been found in the function `read var block data`, which leads to memory corruption. The manipulation can be launched remotely. **Recommendations** For FFmpeg version 2.0, apply a patch to fix this issue. As a temporary workaround, consider disabling the `read var block data` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A critical vulnerability was found in FFmpeg, affecting the `rpza decode stream` function. This issue leads to memory corruption and can be initiated remotely. The patch, named Fixes Invalid Writes, is intended to resolve this problem. **Recommendations** Apply the Fixes Invalid Writes patch to fix this issue. As a temporary workaround, consider disabling the `rpza decode stream` function until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A critical issue affects the function `decode slice header` of the file `libavcodec/h64.c`, leading to memory corruption. The attack can be launched remotely. **Recommendations** For FFmpeg version 2.0, apply a patch to fix this issue. As a temporary workaround, consider restricting access to the `decode slice header` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problem has been found that affects the function `ff init buffer info` of the file `utils.c`. The manipulation leads to memory corruption. The attack may be initiated remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `ff init buffer info` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problem has been found that affects the `msrle decode frame` function of the file libavcodec/msrle.c. This issue leads to memory corruption and can be initiated remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `msrle decode frame` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problem has been found in the function `dnxhd init rc` of the file `libavcodec/dnxhdenc.c`. This issue leads to memory corruption and can be exploited remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `dnxhd init rc` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A vulnerability has been found in FFmpeg, affecting the `decode hextile` function of the file `libavcodec/vmnc.c`. This issue leads to memory corruption and can be initiated remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `decode hextile` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problematic issue has been found in the function `vorbis header` of the file `libavformat/oggparsevorbis.c`. The manipulation leads to memory corruption. It is possible to launch the attack remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `vorbis header` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A vulnerability was found in FFmpeg and classified as problematic. This issue affects the function `get siz` of the file `libavcodec/jpeg2000dec.c`. The manipulation leads to memory corruption. The attack may be initiated remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `get siz` function until a patch is available. Restrict access to the `libavcodec/jpeg2000dec.c` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problematic issue was found in FFmpeg, affecting the `decode vol header` function of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption and can be initiated remotely. **Recommendations** To fix this issue, apply a patch to FFmpeg version 2.0. As a temporary workaround, consider disabling the `decode vol header` function until a patch is available. Restrict access to the affected file libavcodec/mpeg4videodec.c to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problem has been found in the decode frame function of the libavcodec/ansi.c file. This issue leads to an integer coercion error and can be exploited remotely. **Recommendations** To fix this issue, it is recommended to apply a patch.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problematic issue has been found in the function `intra pred` of the file `libavcodec/hevcpred template.c`. This issue leads to memory corruption and can be exploited remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `intra pred` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problematic issue has been found in FFmpeg, affecting the `add yblock` function of the `libavcodec/snow.h` file. This manipulation leads to memory corruption and can be initiated remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue. As a temporary workaround, consider disabling the `add yblock` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A problematic issue has been found in the function `output frame` of the file `libavcodec/h264.c`, leading to memory corruption. The attack may be launched remotely. **Recommendations** To fix this issue, it is recommended to apply a patch. As a temporary workaround, consider disabling the `output frame` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 2.0 **Description** A vulnerability was found in the HEVC Video Decoder component, leading to memory corruption when manipulated. The attack can be launched remotely. **Recommendations** For FFmpeg version 2.0, it is recommended to apply a patch to fix this issue.