Hadowblad3

**Name of the Vulnerable Software and Affected Versions** Z3 versions prior to 4.8.8 **Description** The issue is related to a use-after-free vulnerability in the file pdd simplifier.cpp. It occurs when the solver attempts to simplify constraints, leading to unexpected memory access. This can result in segmentation faults or arbitrary code execution. **Recommendations** For versions prior to 4.8.8, update to version 4.8.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Axiomatic Bento4 (affected versions not specified) **Description** A critical vulnerability was found in Axiomatic Bento4, affecting the function `AP4 StdcFileByteStream::ReadPartial` of the file `Ap4StdCFileByteStream.cpp` in the `mp4info` component. This vulnerability leads to a heap-based buffer overflow and can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ming version 0.4.8 **Description** The issue is related to an out-of-bounds buffer access in the `getString()` function located in the decompiler.c file. This causes a direct segmentation fault, leading to denial of service. **Recommendations** For Ming version 0.4.8, consider disabling the `getString()` function as a temporary workaround until a patch is available. Restrict access to the decompiler.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ming version 0.4.8 **Description** The issue is related to an out-of-bounds buffer access in the function `decompileINCR DECR()` located in the `decompiler.c` file. This causes a direct segmentation fault, leading to denial of service. **Recommendations** For Ming version 0.4.8, consider disabling the `decompileINCR DECR()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ming version 0.4.8 **Description** The issue is related to an out-of-bounds read in the `decompileIF()` function located in the decompile.c file. This out-of-bounds read causes a direct segmentation fault, leading to denial of service. **Recommendations** For Ming version 0.4.8, consider disabling the `decompileIF()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Ming version 0.4.8 **Description** The issue is an out-of-bounds buffer overwrite in the `getName()` function located in the decompiler.c file. This causes a direct segmentation fault, leading to denial of service. **Recommendations** For Ming version 0.4.8, consider disabling the `getName()` function as a temporary workaround until a patch is available. Restrict access to the decompiler.c file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ming version 0.4.8 **Description** The issue is an out-of-bounds read vulnerability in the function `newVar N()` in `decompile.c`, which causes a significant information leak. **Recommendations** For Ming version 0.4.8, consider disabling the `newVar N()` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Gpac version 1.0.1 **Description** The issue is related to a double-free vulnerability in the `gf text get utf8 line` function in `load text.c`, which can be exploited by attackers to cause a denial of service, potentially leading to code execution and escalation of privileges. **Recommendations** For Gpac version 1.0.1, consider disabling the `gf text get utf8 line` function in `load text.c` as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bento version 1.5.1-628 Description: A buffer overflow vulnerability in Ap4ElstAtom.cpp leads to a denial of service (DOS). Recommendations: For Bento version 1.5.1-628, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bento version 1.5.1-628 Description: A heap buffer overflow vulnerability in Ap4TrunAtom.cpp may lead to an out-of-bounds write while running mp42aac, resulting in system crashes and a denial of service. Recommendations: For Bento version 1.5.1-628, consider updating to a newer version to mitigate the risk, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Bento version 1.5.1-628 Description: The issue is caused by an unhandled memory allocation failure in Core/Ap48bdlAtom.cpp, leading to a NULL pointer dereference and resulting in a denial of service (DOS). Recommendations: For Bento version 1.5.1-628, consider applying a patch or fix to handle memory allocation failures in Core/Ap48bdlAtom.cpp to prevent NULL pointer dereferences. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gpac versions through 1.0.1 **Description** A Segmentation fault exists caused by a null pointer dereference in the `naludmx create avc decoder config` function in `reframe nalu.c` when using `mp4box`, which causes a denial of service. **Recommendations** For Gpac versions through 1.0.1, as a temporary workaround, consider disabling the `naludmx create avc decoder config` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gpac versions through 1.0.1 **Description** The issue is related to a double-free vulnerability in the `iloc entry del` function in `box code meta.c`, which can cause a denial of service. This vulnerability allows attackers to exploit the `iloc entry del` function, potentially leading to service disruption. **Recommendations** For versions through 1.0.1, consider restricting access to the `iloc entry del` function in `box code meta.c` to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.