Huanglei3

**Name of the Vulnerable Software and Affected Versions** lrzip version 0.651 **Description** The issue is related to a heap overflow via the `libzpaq::PostProcessor::write(int)` function at `/libzpaq/libzpaq.cpp`. This allows attackers to cause a Denial of Service (DoS) via a crafted file. **Recommendations** For lrzip version 0.651, as a temporary workaround, consider disabling the `libzpaq::PostProcessor::write(int)` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lrzip-next LZMA version 23.01 **Description** The issue is related to an access violation in the component /bz3 decode block, located in the src/libbz3.c file. This access violation can be exploited, potentially leading to unintended consequences. **Recommendations** For lrzip-next LZMA version 23.01, consider restricting access to the /bz3 decode block component in the src/libbz3.c file as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** XPDF version 4.04 **Description** A Buffer Overflow issue allows an attacker to cause a Denial of Service via the `PDFDoc` malloc in the `pdftotext.cc` function. The vendor states that this is an expected abort on out-of-memory error. **Recommendations** For XPDF version 4.04, consider restricting the use of the `pdftotext.cc` function to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.