Jorgebarredo14

**Name of the Vulnerable Software and Affected Versions** CImg Library versions prior to commit 4ca26bc **Description** An integer overflow exists in the ` load pnm()` function during the computation of W*H*D size. A specially crafted PNM, PGM, or PPM file containing large dimension values can cause the calculation to wrap around, bypassing the memory allocation guard. This results in the allocation of an undersized buffer, which may lead to a heap buffer overflow when processing untrusted image files. **Recommendations** Update CImg Library to the version containing commit 4ca26bc.

**Name of the Vulnerable Software and Affected Versions** CImg Library versions prior to commit c3aacf5 **Description** An issue exists in the processing of BMP files where the `nb colors` field from the file header is used to calculate allocation size without validation against the actual remaining file size. A specially crafted BMP file containing a large `nb colors` value can trigger an out-of-memory condition, leading to a crash of any application utilizing the library to load untrusted BMP files. **Recommendations** Update to the version containing commit c3aacf5.

**Name of the Vulnerable Software and Affected Versions** BACnet Stack versions prior to 1.4.3 **Description** The `decode signed32()` function in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes using signed left shifts. When any of the four bytes has bit 7 set (value ≥ 0x80), the left-shift operation overflows a signed `int32 t`, resulting in undefined behavior according to the C standard. **Recommendations** Update to version 1.4.3.