Jun

**Name of the Vulnerable Software and Affected Versions** GNU gdb All versions **Description** The issue is related to a buffer overflow due to out-of-bounds memory access in the main gdb module. This can be exploited by opening a specially crafted ELF file for debugging, potentially leading to denial of service, memory disclosure, and possible code execution. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For GNU gdb All versions: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the gdb module to minimize the risk of exploitation, especially when opening ELF files for debugging. Avoid using the gdb module with untrusted or unknown ELF files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.13.02rc2 **Description** The issue is related to a heap-based buffer over-read in the `tokenize` function located in `asm/preproc.c`, which occurs due to an unterminated string. **Recommendations** For Netwide Assembler (NASM) version 2.13.02rc2, consider avoiding the use of unterminated strings in the `tokenize` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.13.02rc2 **Description** The issue is related to a stack-based buffer under-read in the `ieee shr` function, located in `asm/float.c`, which occurs when a large shift value is provided. **Recommendations** For version 2.13.02rc2, consider avoiding the use of large shift values in the `ieee shr` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.13.02rc2 **Description** The issue is related to a buffer over-read in the parse line function, located in asm/parser.c. This occurs due to uncontrolled access to `nasm reg flags`. **Recommendations** For Netwide Assembler (NASM) version 2.13.02rc2, consider restricting access to the parse line function in asm/parser.c until a patch is available. As a temporary workaround, avoid using the `nasm reg flags` variable in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Gnome gdk-pixbuf versions 2.36.8 and older **Description** The issue is related to several integer overflows in the `gif get lzw` function, which can result in memory corruption and potentially allow code execution. **Recommendations** For versions 2.36.8 and older, update to a newer version to mitigate the risk of exploitation. At the moment, there is no information about a specific newer version that contains a fix for this issue.