Kağan Çapar

**Name of the Vulnerable Software and Affected Versions** WinRAR version 5.61 **Description** A denial of service issue exists that allows local attackers to crash the application. This occurs when a malformed `winrar.lng` language file is placed in the installation directory. The crash is triggered when a user opens an archive and presses the test button, leading to an access violation at memory address 004F1DB8 due to the application attempting to read invalid data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions gdk-pixbuf (affected versions not specified) Description A flaw exists in the gdk-pixbuf library within the JPEG image loader. This heap-based buffer overflow occurs due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, such as through thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dataSIMS Avionics ARINC 664-1 version 4.5.3 **Description** The software contains a local buffer overflow that allows attackers to overwrite memory. This is achieved by manipulating the `milstd1553result.txt` file. An attacker can create a malicious file with a crafted payload and alignment sections to potentially execute arbitrary code on a Windows system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** 7-Zip versions 21.07 and earlier **Description** The issue is related to a heap overflow in the 7z.dll library, which can be exploited to escalate privileges. This can be achieved by dragging a specially crafted .7z file to the Help>Contents area, allowing an attacker to execute commands with elevated privileges. The problem is caused by a combination of misconfiguration of the 7z.dll library and a heap overflow. It is estimated that this issue affects users of 7-Zip on Windows, but the exact number of potentially affected devices is not specified. **Recommendations** For 7-Zip version 21.07 and earlier, consider deleting the 7-zip.chm file as a temporary workaround to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.