Hugo Lefeuvre

**Name of the Vulnerable Software and Affected Versions** Sudo versions 1.8.0 through 1.9.12 **Description** The issue is related to an array-out-of-bounds error in the plugins/sudoers/auth/passwd.c file of the Sudo program when using the crypt() password backend. This error can result in a heap-based buffer over-read, potentially allowing an attacker to cause a denial of service. The impact can vary depending on system libraries, compiler, and processor architecture. The issue can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. **Recommendations** For Sudo versions 1.8.0 through 1.9.12, consider disabling the crypt() password backend as a temporary workaround until a patch is available. Restrict access to the plugins/sudoers/auth/passwd.c file to minimize the risk of exploitation. Avoid using passwords of seven characters or fewer in the affected Sudo versions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions prior to 7.0.8-54 **Description** The issue is related to a heap-based buffer overflow in the ReadPSInfo function located in coders/ps.c. **Recommendations** For versions prior to 7.0.8-54, update to version 7.0.8-54 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Simple DirectMedia Layer (SDL) version 2.0.9 SDL2 image version 2.0.4 **Description** An issue was discovered in libSDL2.a when used with libSDL2 image.a. There is an out-of-bounds read in the `SDL FreePalette REAL` function at video/SDL pixels.c. **Recommendations** For Simple DirectMedia Layer (SDL) version 2.0.9, consider updating to a newer version to resolve the issue. For SDL2 image version 2.0.4, consider updating to a newer version to resolve the issue. As a temporary workaround, consider restricting the use of the `SDL FreePalette REAL` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Simple DirectMedia Layer (SDL) version 2.0.9 SDL2 image version 2.0.4 **Description** An issue was discovered in libSDL2.a when used with libSDL2 image.a. There is a NULL pointer dereference in the `stdio read` function in the file SDL rwops.c. **Recommendations** For Simple DirectMedia Layer (SDL) version 2.0.9, consider updating to a newer version to resolve the issue. For SDL2 image version 2.0.4, consider updating to a newer version to resolve the issue. As a temporary workaround, consider restricting the use of the `stdio read` function in SDL rwops.c until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FreeImage version 3.18.0 **Description** The issue occurs when reading a tiff file, which is handled by the Load function of the PluginTIFF.cpp file. A memcpy operation happens where the destination address and the size of the copied data are not considered, resulting in a heap overflow. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For FreeImage version 3.18.0, consider disabling the Load function of the PluginTIFF.cpp file as a temporary workaround until a patch is available. Restrict access to the PluginTIFF.cpp file to minimize the risk of exploitation. Avoid using the affected function to handle tiff files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Simple DirectMedia Layer (SDL) version 2.0.9 **Description** An issue was discovered in the Simple DirectMedia Layer (SDL) where there is an out-of-bounds read in the function `SDL InvalidateMap()` at `video/SDL pixels.c`. **Recommendations** For version 2.0.9, consider applying a patch or fix to address the out-of-bounds read issue in the `SDL InvalidateMap()` function. As a temporary workaround, consider restricting access to the `SDL InvalidateMap()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Simple DirectMedia Layer (SDL) version 2.0.9 SDL2 image version 2.0.4 **Description** An issue was discovered in libSDL2.a when used with libSDL2 image.a. There is an invalid free error in the `SDL SetError REAL` function at SDL error.c. **Recommendations** For Simple DirectMedia Layer (SDL) version 2.0.9, consider updating to a newer version to resolve the issue. For SDL2 image version 2.0.4, consider updating to a newer version to resolve the issue. As a temporary workaround, consider restricting the use of the `SDL SetError REAL` function until a patch is available.