Kim Gwan Yeong

**Name of the Vulnerable Software and Affected Versions** Artifex MuPDF version 1.12.0 **Description** The issue allows remote attackers to cause a denial of service via a crafted PDF document. This is due to the `pdf load obj stm` function in `pdf/pdf-xref.c` referencing the object stream recursively, which can lead to running out of error stack. **Recommendations** For Artifex MuPDF version 1.12.0, consider updating to a newer version that addresses this issue, as no specific fix is provided for this version. As a temporary workaround, consider restricting the processing of crafted PDF documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the ICMPv6 parser, specifically in the `icmp6 nodeinfo print()` function within the `print-icmp6.c` file. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** tcpdump versions prior to 4.9.2 **Description** The issue is related to a buffer over-read in the MPTCP parser, specifically in the print-mptcp.c file, affecting several functions. **Recommendations** For versions prior to 4.9.2, update to version 4.9.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript GhostXPS version 9.21 **Description** The issue allows remote attackers to cause a denial of service, which may include a heap-based buffer over-read and application crash, or possibly have other unspecified impacts via a crafted document. This is due to a problem in the Ins MIRP function. **Recommendations** For Artifex Ghostscript GhostXPS version 9.21, consider disabling the Ins MIRP function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript GhostXPS version 9.21 **Description** The issue allows remote attackers to cause a denial of service, resulting in a use-after-free and application crash, or possibly have other unspecified impacts via a crafted document. This is due to a problem in the Ins IP function in base/ttinterp.c. **Recommendations** For Artifex Ghostscript GhostXPS version 9.21, consider restricting the processing of crafted documents until a patch is available. As a temporary workaround, avoid using the Ins IP function in base/ttinterp.c to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript GhostXPS version 9.21 **Description** The issue allows remote attackers to cause a denial of service, resulting in a buffer overflow and application crash, or possibly have other unspecified impacts via a crafted document. This is due to a problem in the `xps load sfnt name` function. **Recommendations** For Artifex Ghostscript GhostXPS version 9.21, consider updating to a newer version that addresses this issue, as no specific workaround is provided for this version. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript GhostXPS version 9.21 **Description** The issue allows remote attackers to cause a denial of service, resulting in a Segmentation Violation and application crash, via a crafted file. This is due to a problem in the xps true callback glyph name function in xps/xpsttf.c. **Recommendations** For Artifex Ghostscript GhostXPS version 9.21, consider avoiding the use of the xps true callback glyph name function until a patch is available. As a temporary workaround, restrict the processing of crafted files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript GhostXPS version 9.21 **Description** The issue allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, or possibly have other unspecified impacts via a crafted document. This is related to the `xps encode font char imp` function and the `xps select font encoding` function in `xps/xpsfont.c`. **Recommendations** For Artifex Ghostscript GhostXPS version 9.21, consider restricting the processing of crafted documents until a patch is available. As a temporary workaround, avoid using the `xps select font encoding` function in `xps/xpsfont.c` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript GhostXPS version 9.21 **Description** The issue is related to the Ins JMPR function in base/ttinterp.c, which allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, or possibly have other unspecified impacts via a crafted document. **Recommendations** For Artifex Ghostscript GhostXPS version 9.21, consider disabling the Ins JMPR function as a temporary workaround until a patch is available. Restrict access to crafted documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript GhostXPS version 9.21 **Description** The issue is related to the xps decode font char imp function in xps/xpsfont.c, which allows remote attackers to cause a denial of service, resulting in a heap-based buffer over-read and application crash, or possibly have other unspecified impacts via a crafted document. **Recommendations** For Artifex Ghostscript GhostXPS version 9.21, consider disabling the xps decode font char imp function as a temporary workaround until a patch is available. Restrict access to crafted documents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript version 9.21 **Description** The issue is related to a lack of an integer overflow check, allowing remote attackers to cause a denial of service, which includes a heap-based buffer overflow and application crash, via a crafted PostScript document. **Recommendations** For Artifex Ghostscript version 9.21, consider updating to a newer version that includes the necessary integer overflow check to prevent the heap-based buffer overflow and application crash. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex Ghostscript GhostXPS version 9.21 **Description** The issue allows remote attackers to cause a denial of service, which includes a heap-based buffer over-read and application crash, via a crafted document. **Recommendations** For Artifex Ghostscript GhostXPS version 9.21, at the moment, there is no information about a newer version that contains a fix for this vulnerability.