Kirit Sankar Gupta

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to the ReadWPGImage function in GraphicsMagick, which is vulnerable due to a null pointer dereference. This can be exploited by a remote attacker using a specially crafted WPG file, potentially allowing them to execute arbitrary code. Additionally, the function does not properly validate colormapped images, which can lead to a denial of service, causing the application to crash due to an invalid write. **Recommendations** For GraphicsMagick version 1.3.26, consider disabling the ReadWPGImage function in coders/wpg.c as a temporary workaround until a patch is available. Restrict access to processing WPG images to minimize the risk of exploitation. Avoid using the `ReadWPGImage` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sound eXchange (SoX) version 14.4.2 **Description** The issue is triggered by supplying a malformed AIFF file to the lsx aiffstartread function in the aiff.c file, resulting in a Use-After-Free vulnerability. **Recommendations** For version 14.4.2, consider avoiding the use of malformed AIFF files until a patch is available. As a temporary workaround, restrict the processing of AIFF files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LAME versions 3.97 through 3.99.5 **Description** A stack-based buffer overflow issue exists in the unpack read samples function within the frontend/get audio.c file. This is a distinct issue from previously reported problems. **Recommendations** For LAME versions 3.97 through 3.99.5, consider disabling the unpack read samples function in frontend/get audio.c as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LAME versions 3.98 through 3.99.5 **Description** The issue is a heap-based buffer over-read in the `fill buffer` function in `libmp3lame/util.c`, related to `lame encode buffer sample t` in `libmp3lame/lame.c`. **Recommendations** For LAME versions 3.98 through 3.99.5, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LAME version 3.99.5 **Description** The issue is related to a NULL Pointer Dereference in the `hip decode init` function within `libmp3lame/mpglib interface.c`. This occurs when processing a malformed mpg file, due to an incorrect `calloc` call. **Recommendations** For LAME version 3.99.5, consider avoiding the use of the `hip decode init` function until a patch is available. As a temporary workaround, restrict the processing of mpg files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LAME versions 3.98 through 3.99.5 **Description** The issue is a heap-based buffer over-read that occurs when handling a malformed file in the k 34 4 function within the vbrquantize.c file. **Recommendations** For LAME versions 3.98 through 3.99.5, update to a version that fixes the heap-based buffer over-read issue in the k 34 4 function within the vbrquantize.c file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GraphicsMagick version 1.3.26 **Description** The issue is related to the ReadPNMImage function in the coders/pnm.c file of the GraphicsMagick library, which is vulnerable to a null pointer dereference. This could allow a remote attacker to cause a denial of service. **Recommendations** For GraphicsMagick version 1.3.26, consider disabling the ReadPNMImage function in the coders/pnm.c file as a temporary workaround until a patch is available. Restrict access to the XV 332 format to minimize the risk of exploitation. Avoid using the ReadPNMImage function for the XV 332 format until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LAME version 3.99.5 **Description** The issue is related to a NULL Pointer Dereference in the `id3v2AddAudioDuration` function, located in `libmp3lame/id3tag.c`. This allows attackers to trigger a Denial of Service by passing a NULL value as the first argument to the function. **Recommendations** For LAME version 3.99.5, consider applying a patch or fix that checks for NULL pointers before calling the `id3v2AddAudioDuration` function to prevent Denial of Service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.