Hongxuchen

**Name of the Vulnerable Software and Affected Versions** Libpff versions prior to 20180623 **Description** The issue is related to an use-after-free vulnerability in the `libpff item tree create node` function, which allows attackers to cause a denial of service or execute arbitrary code via a crafted pff file. This vulnerability can also lead to unauthorized access to confidential data and disruption of data integrity. **Recommendations** For versions prior to 20180623, update to a version released after 20180623 to resolve the issue. As a temporary workaround, consider restricting the use of the `libpff item tree create node` function until a patch is available. Avoid using crafted pff files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Cesanta MJS version 1.20.1 Description: The issue is a stack overflow vulnerability in the `parse array` function, which allows remote attackers to cause a Denial of Service (DoS) via a crafted file. Recommendations: For Cesanta MJS version 1.20.1, as a temporary workaround, consider disabling the `parse array` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Cesanta MJS version 1.20.1 Description: The issue is a stack overflow vulnerability in the `parse value` function, which allows remote attackers to cause a Denial of Service (DoS) via a crafted file. Recommendations: For Cesanta MJS version 1.20.1, as a temporary workaround, consider disabling the `parse value` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libsixel versions prior to 1.8.3 **Description** The issue is related to a stack buffer overflow in the `gif process raster` function at `fromgif.c`, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 1.8.3, update to version 1.8.3 or later to resolve the issue. As a temporary workaround, consider disabling the `gif process raster` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsixel versions prior to 1.8.4 **Description** The issue in the dither.c component of libsixel allows attackers to cause a denial of service via a crafted PNG file. This is related to errors in resource release. Exploitation of the issue enables a remote attacker to cause a denial of service using a specially crafted PNG file. **Recommendations** For versions prior to 1.8.4, update to version 1.8.4 or later to resolve the issue. As a temporary workaround, consider restricting the processing of PNG files from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.8-43 Q16 **Description** The issue is related to a use-after-free error in the `coders/mat.c` function of the ImageMagick console graphic editor. This error can be exploited by a remote attacker to gain access to confidential data, compromise data integrity, and cause a denial of service. The vulnerability can be triggered by crafting a malicious Matlab image file that is mishandled in `ReadImage` in `MagickCore/constitute.c`, leading to an application crash. **Recommendations** For ImageMagick version 7.0.8-43 Q16, consider disabling the `coders/mat.c` function as a temporary workaround until a patch is available. Restrict access to the `ReadImage` function in `MagickCore/constitute.c` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-43 Q16 **Description** The issue allows attackers to cause a denial-of-service, resulting in an application crash due to a heap-based buffer over-read, via a crafted TIFF image file. This is related to functions in LibTIFF, specifically `TIFFRewriteDirectory`, `TIFFWriteDirectory`, `TIFFWriteDirectorySec`, and `TIFFWriteDirectoryTagColormap` in tif dirwrite.c. The problem occurs because of an incomplete fix for a previous issue. **Recommendations** For ImageMagick version 7.0.8-43 Q16, as a temporary workaround, consider disabling the `WriteTIFFImage` function in coders/tiff.c until a patch is available. Restrict access to crafted TIFF image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-41 Q16 **Description** The issue is related to the XWD image parsing component in ImageMagick, which allows attackers to cause a denial-of-service (application crash resulting from an out-of-bounds Read) by crafting a corrupted XWD image file. This can be exploited by a remote attacker to cause a service disruption. **Recommendations** For ImageMagick version 7.0.8-41 Q16, consider avoiding the use of the XWD image parsing component until a patch is available. As a temporary workaround, restrict the processing of XWD image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GoPro GPMF-parser version 1.2.2 **Description** The issue is related to an out-of-bounds write in the OpenMP4Source function located in the demo/GPMF mp4reader.c file. **Recommendations** For GoPro GPMF-parser version 1.2.2, consider updating to a newer version that addresses this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GoPro GPMF-parser version 1.2.2 **Description** The issue is related to an out-of-bounds read and a segmentation fault (SEGV) in the GPMF Next function within the GPMF parser.c file. **Recommendations** For GoPro GPMF-parser version 1.2.2, consider applying a patch or fix to address the out-of-bounds read and SEGV in the GPMF Next function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GoPro GPMF-parser version 1.2.2 **Description** The issue is related to a heap-based buffer over-read in the GPMF Next function located in GPMF parser.c. This over-read is 4 bytes in size. **Recommendations** For GoPro GPMF-parser version 1.2.2, consider applying a patch or fix that addresses the heap-based buffer over-read issue in the GPMF Next function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dropbox Lepton version 1.2.1 Description: The issue is related to a missing check of header payloads in the decompression component, specifically in the io/ZlibCompression.cc file. This allows attackers to craft a jpg image file that can cause a denial of service, resulting in a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. Recommendations: For version 1.2.1, update to a newer version that includes a fix for the missing check of header payloads in the decompression component to prevent the heap-based buffer overflow and application crash.

Name of the Vulnerable Software and Affected Versions: LibSass versions 3.5.5 and earlier Description: The parsing component in LibSass allows attackers to cause a denial-of-service due to uncontrolled recursion in `Sass::Parser::parse css variable value` in parser.cpp. Recommendations: For LibSass versions 3.5.5 and earlier, consider updating to a version later than 3.5.5 to resolve the issue. As a temporary workaround, consider restricting the input to the `parse css variable value` function to minimize the risk of uncontrolled recursion.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-26 Q16 **Description** The issue is related to the Cineon parsing component, which allows attackers to cause a denial-of-service due to uncontrolled resource consumption. This can be achieved by creating a Cineon image with an incorrect claimed image size. The problem stems from the `ReadCINImage` function in `coders/cin.c`, which lacks sufficient checks for image data in a file. An attacker can exploit this by crafting a Cineon image that exceeds the standard size, leading to a denial-of-service. **Recommendations** For ImageMagick version 7.0.8-26 Q16, consider disabling the `ReadCINImage` function as a temporary workaround until a patch is available. Restrict access to the Cineon parsing component to minimize the risk of exploitation. Avoid using the Cineon image format until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Dropbox Lepton version 1.2.1 Description: The issue allows attackers to cause a denial-of-service, resulting in an application runtime crash due to an integer overflow, by providing a crafted file. Recommendations: For Dropbox Lepton version 1.2.1, update to a newer version that contains a fix for this issue to prevent potential crashes caused by crafted files.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.0.8-41 Q16 **Description** The issue is related to a denial-of-service (divide-by-zero error) in the XWD image parsing component of ImageMagick. This can be triggered by crafting a specific XWD image file where the header does not indicate whether the data is stored in least significant bit (LSB) first or most significant bit (MSB) first order. An attacker could exploit this vulnerability to cause a denial-of-service. **Recommendations** For ImageMagick version 7.0.8-41 Q16, consider avoiding the use of the ReadXWDImage function in coders/xwd.c until a patch is available. As a temporary workaround, restrict the processing of XWD image files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LibSass version 3.5.4 Description: The issue allows attackers to cause a denial-of-service due to uncontrolled recursion. This occurs in the `Sass::Complex Selector::perform` function in `ast.hpp` and the `Sass::Inspect::operator` in `inspect.cpp`. Recommendations: For LibSass version 3.5.4, consider disabling the `Sass::Complex Selector::perform` function and the `Sass::Inspect::operator` as a temporary workaround until a patch is available. Restrict access to the affected modules to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libheif version 1.4.0 **Description** The issue is related to a use-after-free error in the `heif::HeifContext::Image::set alpha channel` function, located in `heif context.h`, due to mishandling of references to non-existing alpha images in `heif context.cc`. **Recommendations** For libheif version 1.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mini-XML version 2.12 **Description** The issue is a stack-based buffer overflow in the scan file function in mxmldoc.c. **Recommendations** For Mini-XML version 2.12, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mini-XML version 2.12 **Description** The issue is related to a use-after-free in the `mxmlAdd` function of the `mxml-node.c` file. This could allow remote attackers to cause a denial-of-service via a crafted XML file. **Recommendations** For Mini-XML version 2.12, consider avoiding the use of the `mxmlAdd` function until a patch is available. As a temporary workaround, restrict the processing of crafted XML files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.