Ntsc-Crt · Ntsc-Crt · CVE-2023-39125
**Name of the Vulnerable Software and Affected Versions**
NTSC-CRT version 2.2.1
**Description**
NTSC-CRT has an integer overflow and out-of-bounds write in the `loadBMP` function in `bmp_rw.c`. This occurs because the file's width, height, and BPP are not validated. The vendor notes that the main application was not intended to be a well-tested program, but rather a demonstration of how it works and how to integrate it into other programs.
**Recommendations**
For NTSC-CRT version 2.2.1, consider validating the file's width, height, and BPP to prevent the integer overflow and out-of-bounds write. As a temporary workaround, consider restricting the use of the `loadBMP` function in `bmp_rw.c` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.
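
The validation recommended above could look like the following. This is an added example, not NTSC-CRT's code and not a reproduction of `loadBMP`, which this page does not show. The function names, the `MAX_DIM` limit and the accepted bit depths are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DIM 16384u  /* assumed policy limit for this example */

/* Illustrative unchecked arithmetic: 32-bit multiplication wraps, so
 * 65536 x 65536 at 32 bpp yields 0 and the buffer is far too small. */
static uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * (bpp / 8);
}

/* Validate untrusted BMP header fields and compute the pixel buffer size
 * in 64-bit arithmetic. Returns 0 on success, -1 if the file is rejected. */
static int checked_size(int32_t w, int32_t h, uint16_t bpp, size_t *out)
{
    uint32_t rows;
    uint64_t stride, total;

    if (bpp != 24 && bpp != 32)      /* assumed: only depths the loader decodes */
        return -1;
    if (w <= 0 || (uint32_t)w > MAX_DIM)
        return -1;
    if (h == 0 || h == INT32_MIN)    /* INT32_MIN cannot be negated safely */
        return -1;
    rows = (uint32_t)(h < 0 ? -h : h);   /* negative height = top-down BMP */
    if (rows > MAX_DIM)
        return -1;

    stride = (((uint64_t)w * bpp + 31) / 32) * 4;  /* rows pad to 4 bytes */
    total = stride * rows;
    if (total > SIZE_MAX)            /* matters where size_t is 32 bits */
        return -1;
    *out = (size_t)total;
    return 0;
}

int main(void)
{
    size_t n = 0;
    printf("unchecked 65536x65536x32: %u bytes\n",
           (unsigned)unchecked_size(65536, 65536, 32));
    printf("checked   65536x65536x32: %d\n", checked_size(65536, 65536, 32, &n));
    if (checked_size(640, 480, 24, &n) == 0)
        printf("checked   640x480x24: %zu bytes\n", n);
    return 0;
}
```

The size returned by the checked function should be the only value used for both the allocation and the bounds of the subsequent pixel reads.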