Ivan Gulakov

Name of the Vulnerable Software and Affected Versions: mupdf version 1.18.0 Description: A flaw was found in mupdf. Double free of object during linearization may lead to memory corruption and other potential consequences. Recommendations: For mupdf version 1.18.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WavPack versions 5.3.0 through 5.3.2 **Description** The issue is related to an out-of-bounds write in the `WavpackPackSamples` function in the `pack utils.c` file due to an integer overflow in a `malloc` argument. This can allow a remote attacker to compromise data integrity and cause a denial of service. **Recommendations** For WavPack versions 5.3.0 through 5.3.2, consider disabling the `WavpackPackSamples` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.