Jinyu00O

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG version 0.5.1036 **Description** The issue allows remote attackers to cause a denial of service, resulting in a SEGV. This is due to the `get first owned object` function in `dwg.c`. **Recommendations** For GNU LibreDWG version 0.5.1036, consider updating to a newer version that addresses this issue, as the current version may cause a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.5.1-624 **Description** The issue allows remote attackers to cause a denial of service, specifically an infinite loop, by providing a crafted MP4 file. This is due to a problem in the AP4 File::ParseStream function located in Ap4File.cpp. **Recommendations** For Bento4 version 1.5.1-624, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MP4v2 version 2.1.0 **Description** The issue allows remote attackers to cause a denial of service, which may lead to a heap-based buffer overflow and application crash, or possibly have other unspecified impacts. This can be achieved via a crafted MP4 file. **Recommendations** For MP4v2 version 2.1.0, update to a version that fixes the `MP4Integer32Property::Read` function in `atom avcC.cpp` to prevent the heap-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU LibreDWG version 0.5.1048 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and SEGV, via a crafted dwg file. This is due to a problem in the `dwg obj block control get block headers` function in `dwg api.c`. **Recommendations** For GNU LibreDWG version 0.5.1048, as a temporary workaround, consider restricting the use of the `dwg obj block control get block headers` function until a patch is available. Avoid using this function with untrusted dwg files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** axmldec version 1.2.0 **Description** The issue is related to an out-of-bounds write in the `jitana::axml parser::parse start namespace` function, located in `lib/jitana/util/axml parser.cpp`. **Recommendations** For axmldec version 1.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.