Kira

**Name of the Vulnerable Software and Affected Versions** QEMU version 3.0.0 **Description** The issue is related to a heap-based buffer overflow in the `tcp emu` function within the `slirp/tcp subr.c` file of the QEMU emulator. This overflow is associated with the `sc rcv->sb data` buffer. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For QEMU version 3.0.0, as a temporary workaround, consider disabling the `tcp emu` function until a patch is available. Restrict access to the `slirp/tcp subr.c` module to minimize the risk of exploitation. Avoid using the `sc rcv->sb data` buffer in the affected TCP/IP emulation until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions through 3.4.2 **Description** The issue is related to the `svg probe` function in the `libavformat/img2dec.c` component of the FFmpeg library. It allows remote attackers to cause a denial of service due to an infinite loop via a crafted XML file. The exploitation of this issue can lead to a denial of service, where an attacker, acting remotely, can cause the service to become unavailable using a specially crafted XML file. **Recommendations** For FFmpeg versions through 3.4.2, as a temporary workaround, consider disabling the `svg probe` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.