John Helmert Iii

**Name of the Vulnerable Software and Affected Versions** Alpine versions prior to 2.25 **Description** The issue allows remote attackers to cause a denial of service, resulting in an application or daemon crash, when the LIST or LSUB command is sent before STARTTLS. **Recommendations** For versions prior to 2.25, update to version 2.25 or later to resolve the issue. As a temporary workaround, consider restricting the use of the LIST and LSUB commands before STARTTLS to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** The MPlayer Project version 1.5 **Description** A heap use-after-free issue in the preinit function at libvo/vo v4l2.c can result in a double free, leading to a Denial of Service (DoS) via a crafted file. The `device` variable, which is assigned using `strdup`, is not executed on every call. This issue has been disputed by third parties as invalid and not reproducible. **Recommendations** For version 1.5, consider restricting the use of crafted files to minimize the risk of exploitation. As a temporary workaround, review the code to ensure proper execution of the `device=strdup` statement. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.3-35.amzn2.0.1 **Description** The issue is related to the processing of malicious TIFF files, which can cause a denial of service (application crash). Specifically, an invalid range may be passed as an argument to the `memset()` function within the `TIFFFetchStripThing()` function in `tif dirread.c`, leading to a segfault after the use of an uninitialized resource. This occurs when the `TIFFFetchStripThing()` function is used to handle TIFF files, potentially allowing an attacker to exploit the vulnerability and cause a service disruption. **Recommendations** For LibTIFF version 4.0.3-35.amzn2.0.1, consider avoiding the use of the `TIFFFetchStripThing()` function until a patch is available, or restrict access to the `tif dirread.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Alpine versions prior to 2.25 **Description** The issue concerns the acceptance of untagged responses from an IMAP server before STARTTLS. This indicates a potential security risk related to the handling of server responses during the initial connection setup. **Recommendations** For versions prior to 2.25, update to version 2.25 or later to resolve the issue.