Hans Jerry Illikainen

Name of the Vulnerable Software and Affected Versions: Libnsbmp version 0.1.2 Description: The issue allows context-dependent attackers to cause a denial of service, specifically an out-of-bounds read, by providing a crafted color table to either the `bmp decode rgb` or `bmp decode rle` function. Recommendations: For Libnsbmp version 0.1.2, consider restricting the input to the `bmp decode rgb` and `bmp decode rle` functions to prevent the out-of-bounds read until a patch is available.

Name of the Vulnerable Software and Affected Versions: Libnsgif version 0.1.2 Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an out-of-bounds read and application crash, via a crafted LZW stream in a GIF file. Recommendations: For Libnsgif version 0.1.2, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Libnsgif version 0.1.2 Description: The issue is a stack-based buffer overflow in the `gif next LZW` function, which can be triggered by a crafted LZW stream in a GIF file. This can cause a denial of service, resulting in an application crash, or potentially allow the execution of arbitrary code. Recommendations: For Libnsgif version 0.1.2, consider updating to a newer version that addresses this issue, as using a crafted GIF file could lead to a denial of service or code execution. If no update is available, as a temporary workaround, consider restricting the use of GIF files or implementing additional validation on LZW streams to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Libnsbmp version 0.1.2 Description: The issue is related to a heap-based buffer overflow in the `bmp decode rle` function in `libnsbmp.c`. This allows context-dependent attackers to cause a denial of service, potentially leading to an application crash, or possibly execute arbitrary code. The attack vector involves the last row of RLE data in a crafted BMP file. Recommendations: For Libnsbmp version 0.1.2, consider disabling the `bmp decode rle` function until a patch is available to prevent potential exploitation. Restrict access to crafted BMP files to minimize the risk of denial of service or arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC media player versions prior to 2.2.8 **Description** The issue is related to a type conversion vulnerability in the MP4 demux module, specifically in the `libmp4.c` file. This vulnerability can lead to an invalid free operation because the type of a box may be changed between a read operation and a free operation. **Recommendations** For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider disabling the MP4 demux module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP versions 5.6.x through 7.0.7 **Description** The issue is related to the `/ext/phar/phar object.c` component in PHP, which is associated with the use of memory after it has been freed. This can allow a remote attacker to execute arbitrary code. The problem was introduced as part of an incomplete fix to a previous issue. **Recommendations** For PHP version 5.6.x, update to a version that includes a complete fix for the issue. For PHP version 7.0.7, update to a version that includes a complete fix for the issue. As a temporary workaround, consider restricting access to the `/ext/phar/phar object.c` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.38 PHP versions 5.6.x prior to 5.6.24 PHP versions 7.x prior to 7.0.9 **Description** The issue is related to the `bzread` function in the PHP interpreter, which is vulnerable to a buffer overflow in memory. This can be exploited by a remote attacker using a specially crafted .bz2 archive, potentially leading to a denial of service or the execution of arbitrary code. **Recommendations** For PHP versions prior to 5.5.38, update to version 5.5.38 or later. For PHP versions 5.6.x prior to 5.6.24, update to version 5.6.24 or later. For PHP versions 7.x prior to 7.0.9, update to version 7.0.9 or later.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 7.0.6 **Description** The issue is related to multiple integer overflows in the zip extension, specifically in the php zip.c file. This can be exploited by remote attackers through crafted calls to the `getFromIndex` or `getFromName` functions in the ZipArchive class, potentially leading to a denial of service (heap-based buffer overflow and application crash) or other unspecified impacts. **Recommendations** For PHP versions prior to 7.0.6, update to version 7.0.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GD Graphics Library version 2.1.1 **Description** The issue is related to an integer signedness error that can be triggered by crafted compressed gd2 data, potentially leading to a denial of service or arbitrary code execution due to a heap-based buffer overflow. **Recommendations** For GD Graphics Library version 2.1.1, update to a version that fixes the integer signedness error to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** OptiPNG versions prior to 0.7.6 **Description** The issue allows remote attackers to cause a denial of service, resulting in an invalid memory write and crash. This is achieved through a series of delta escapes in a crafted BMP image, specifically targeting the `bmp read rows` function in `pnxtern/pngxrbmp.c`. **Recommendations** For versions prior to 0.7.6, update to version 0.7.6 or later to resolve the issue. As a temporary workaround, consider restricting the processing of BMP images from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** PHP versions prior to 5.5.32 PHP versions 5.6.x prior to 5.6.18 PHP versions 7.x prior to 7.0.3 **Description** A stack-based buffer overflow issue exists in the ext/phar/tar.c component of PHP, allowing remote attackers to cause a denial of service or possibly have other unspecified impacts via a crafted TAR archive. **Recommendations** For PHP versions prior to 5.5.32, update to version 5.5.32 or later. For PHP versions 5.6.x prior to 5.6.18, update to version 5.6.18 or later. For PHP versions 7.x prior to 7.0.3, update to version 7.0.3 or later.

**Name of the Vulnerable Software and Affected Versions** giflib version 5.1.1 **Description** The issue is related to a heap-based buffer overflow in the giffix.c file of giflib, which can be triggered by attackers using crafted image and logical screen width fields in a GIF file, leading to a denial of service (program crash). **Recommendations** For giflib version 5.1.1, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue allows attackers to cause a denial of service, which may result in an invalid memory write and crash, or possibly have other unspecified impacts. This can be achieved through crafted field data in an extension tag in a TIFF image. The TIFFVGetField function in tif dir.c is the vulnerable component. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that addresses this issue, as the current version allows for potential denial of service or other unspecified impacts through the TIFFVGetField function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.