Kdsjzho

**Name of the Vulnerable Software and Affected Versions** libjpeg (affected versions not specified) **Description** A heap buffer overflow was discovered in libjpeg, specifically in the LineBitmapRequester::EncodeRegion function at linebitmaprequester.cpp. This issue allows attackers to cause a Denial of Service (DoS) by providing a crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libjpeg (affected versions not specified) **Description** A reachable assertion was discovered in libjpeg via BitMapHook::BitMapHook at bitmaphook.cpp, allowing attackers to cause a Denial of Service (DoS) via a crafted file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.5 **Description** A heap buffer overflow issue was discovered in the `bit wcs2nlen` function located at `bits.c`. This issue can potentially be exploited. **Recommendations** For LibreDWG version 0.12.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `bit wcs2nlen` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.5 **Description** A heap buffer overflow issue was discovered in LibreDWG via the `bit write TF` function at `bits.c`. **Recommendations** For LibreDWG version 0.12.5, consider disabling the `bit write TF` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.5 **Description** A heap buffer overflow issue was discovered in the function bit calc CRC at bits.c. **Recommendations** For LibreDWG version 0.12.5, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LibreDWG version 0.12.5 **Description** A heap buffer overflow issue was discovered in the function bit utf8 to TU at bits.c. **Recommendations** For LibreDWG version 0.12.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libdwarf version 0.4.1 **Description** The issue is related to a double free in the ` dwarf exec frame instr` function located in `dwarf frame.c`. **Recommendations** For libdwarf version 0.4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libConfuse version 3.3 **Description** The issue is related to a heap-based buffer over-read in the `cfg tilde expand` function of the libConfuse library. This can be exploited by a remote attacker using a specially crafted file, potentially leading to a denial of service. **Recommendations** For libConfuse version 3.3, consider disabling the `cfg tilde expand` function as a temporary workaround until a patch is available. Restrict access to the `confuse.c` file to minimize the risk of exploitation. Avoid using the `cfg tilde expand` function in configurations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex MuJS versions prior to 1.2.1 **Description** The issue results in stack consumption due to unlimited recursion in the compile function in regexp.c. **Recommendations** For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Artifex MuJS versions through 1.2.0 **Description** The issue is related to a NULL pointer dereference in the `jsP dumpsyntax` function in `jsdump.c`, as demonstrated by `mujs-pp`. This occurs in Artifex MuJS. **Recommendations** For versions through 1.2.0, consider disabling the `jsP dumpsyntax` function in `jsdump.c` as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 2.0.0 **Description** The issue is related to a heap-based buffer over-read in the `gp rtp builder do hevc` function, located in the `ietf/rtp pck mpeg4.c` file. This problem is demonstrated by MP4Box. **Recommendations** For GPAC version 2.0.0, consider updating to a newer version that contains a fix for this issue, as the current version has a heap-based buffer over-read vulnerability in the `gp rtp builder do hevc` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image.h (aka the stb image loader) version 2.19 **Description** The issue is related to a reachable assertion in the `stbi create png image raw` function of the stb image loader. **Recommendations** For version 2.19, consider updating to a newer version that addresses this issue, as the current version has a reachable assertion that could potentially cause problems.

**Name of the Vulnerable Software and Affected Versions** Tcpreplay version 4.4.1 **Description** The issue is related to a heap-based buffer over-read in the `parse mpls` function located in `common/get.c`. This occurs in the `tcpprep` component of Tcpreplay. **Recommendations** For Tcpreplay version 4.4.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Liblouis version 3.21.0 **Description** The issue is related to an out-of-bounds write in the `compileRule` function within the `compileTranslationTable.c` file. This has been demonstrated using `lou trace`. **Recommendations** For Liblouis version 3.21.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libcaca (affected versions not specified) **Description** The issue is a Divide By Zero problem via img2txt, allowing a remote malicious user to cause a Denial of Service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.