Helson-S

**Name of the Vulnerable Software and Affected Versions** cute png version 1.05 **Description** A heap buffer overflow issue was discovered via the `cp make32()` function at `cute png.h`. **Recommendations** For cute png version 1.05, consider disabling the `cp make32()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** hicolor version 0.5.0 **Description** A heap buffer overflow in the function `cp stored()` (`/vendor/cute png.h`) allows attackers to cause a Denial of Service (DoS) via a crafted PNG file. This issue also risks crashes, data corruption, and potentially Remote Code Execution (RCE). **Recommendations** For hicolor version 0.5.0, update to a patched version as soon as possible to resolve the issue. As a temporary workaround, consider restricting the handling of PNG files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** taurusxin ncmdump version 1.3.2 **Description** The issue is related to a segmentation violation via the `NeteaseCrypt::FixMetadata()` function. This allows attackers to cause a Denial of Service (DoS) by using a crafted .ncm file. The vulnerability is located at /src/ncmcrypt.cpp. **Recommendations** For version 1.3.2, consider disabling the `NeteaseCrypt::FixMetadata()` function as a temporary workaround until a patch is available. Restrict access to crafted .ncm files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** taurusxin ncmdump version 1.3.2 **Description** The issue allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file. **Recommendations** For version 1.3.2, consider avoiding the use of crafted .ncm files until a patch is available. As a temporary workaround, restrict the processing of .ncm files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** phiola version 2.0-rc22 **Description** The issue is a Buffer-Overflow vulnerability located at pcm convert.h:513. This vulnerability allows a remote attacker to execute arbitrary code via a crafted .wav file. **Recommendations** For phiola version 2.0-rc22, consider disabling the functionality that handles .wav files until a patch is available. Restrict access to the pcm convert.h module to minimize the risk of exploitation. Avoid using the vulnerable function related to the pcm convert.h:513 line until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phiola version 2.0-rc22 **Description** An issue in phiola/src/afilter/pcm convert.h:513 allows a remote attacker to execute arbitrary code via a crafted .wav file. **Recommendations** For phiola version 2.0-rc22, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stsaz phiola version 2.0-rc22 **Description** The issue is related to a Buffer-Overflow vulnerability at conv.c:68, which allows a remote attacker to execute arbitrary code via a crafted .wav file. **Recommendations** For version 2.0-rc22, consider disabling the functionality that handles .wav files until a patch is available. Restrict access to the conv.c module to minimize the risk of exploitation. Avoid using the vulnerable code path in the stsaz phiola application until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.