Iskindar

**Name of the Vulnerable Software and Affected Versions** Xpdf versions 4.05 and earlier **Description** A PDF object loop in an object stream leads to infinite recursion and a stack overflow. **Recommendations** For Xpdf versions 4.05 and earlier, update to a version later than 4.05 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tcpreplay versions (affected versions not specified) Grafana versions prior to 10.1.4 **Description** A double free vulnerability has been identified in the `tcpedit dlt cleanup()` function within `plugins/dlt plugins.c` of tcpreplay's tcprewrite. This issue can be exploited by supplying a specifically crafted file to the tcprewrite binary, enabling a local attacker to initiate a Denial of Service (DoS) attack. Additionally, a directory traversal vulnerability in Grafana can lead to information disclosure. **Recommendations** For tcpreplay, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Grafana versions prior to 10.1.4, update to version 10.1.4 or later to resolve the directory traversal vulnerability.

**Name of the Vulnerable Software and Affected Versions** w3m (affected versions not specified) **Description** An out-of-bounds read flaw was found in the Strnew size function in Str.c, which may allow an attacker to cause a denial of service through a crafted HTML file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** w3m (affected versions not specified) **Description** An out-of-bounds read flaw was found in the `growbuf to Str` function in `indep.c`. This issue may allow an attacker to cause a denial of service through a crafted HTML file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** W3M (affected versions not specified) **Description** An out-of-bounds write issue has been discovered in the backspace handling of the `checkType()` function in etc.c within the W3M application. This issue is triggered by supplying a specially crafted HTML file to the w3m binary. Exploitation of this flaw could lead to application crashes, resulting in a denial of service condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.