Kostya Serebryany

**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.22 **Description** The issue in the GNU C Library (glibc) might allow context-dependent attackers to cause a denial of service, resulting in an application crash. This can be demonstrated by using the fnmatch library function with a specific pattern. **Recommendations** For versions prior to 2.22, update to version 2.22 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the fnmatch library function with the `**(!()` pattern until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.9.4 Apple iOS versions prior to 9.3.2 OS X versions prior to 10.11.5 tvOS versions prior to 9.2.1 watchOS versions prior to 2.2.1 **Description** The issue is caused by a heap-based buffer overflow in the `xmlFAParsePosCharGroup` function. This can be exploited by a remote attacker using a specially crafted XML document, potentially allowing them to execute arbitrary code or cause a denial of service due to memory corruption. **Recommendations** For libxml2 versions prior to 2.9.4, update to version 2.9.4 or later. For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For OS X versions prior to 10.11.5, update to version 10.11.5 or later. For tvOS versions prior to 9.2.1, update to version 9.2.1 or later. For watchOS versions prior to 2.2.1, update to version 2.2.1 or later. As a temporary workaround, consider restricting the use of the `xmlFAParsePosCharGroup` function until a patch is available. Avoid using specially crafted XML documents that could exploit the buffer overflow vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3 **Description** The issue is related to the XPC Services API in LaunchServices, which has inadequate access control. This allows an attacker to bypass event-handler restrictions and modify events of arbitrary apps using a crafted app. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 9.3, update to iOS version 9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XPC Services API in LaunchServices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.9.4 **Description** The issue allows context-dependent attackers to read arbitrary files or cause a denial of service due to an XML external entity (XXE) vulnerability in the `xmlStringLenDecodeEntities` function. This vulnerability can be exploited by remote attackers to disclose protected information or cause resource consumption. **Recommendations** For libxml2 versions prior to 2.9.4, update to version 2.9.4 or later to resolve the issue. As a temporary workaround, consider enabling validating mode to minimize the risk of exploitation. Restrict access to sensitive files and resources to prevent unauthorized disclosure of information.

**Name of the Vulnerable Software and Affected Versions** FreeType versions prior to 2.6.1 **Description** The issue is related to a heap-based buffer over-read in the `T1 Get Private Dict` function located in `type1/t1parse.c`. **Recommendations** For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FreeType versions prior to 2.6.1 **Description** The issue is related to a buffer over-read in the skip comment function in psaux/psobjs.c. This occurs because ps parser skip PS token is mishandled during an FT New Memory Face operation. **Recommendations** For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FreeType versions prior to 2.6.1 **Description** A buffer over-read issue occurs in the `T1 Get Private Dict` function within `type1/t1parse.c` due to a lack of checks on the new values of `cur` and `limit` before proceeding. This issue affects FreeType versions prior to 2.6.1. **Recommendations** For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `T1 Get Private Dict` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU C Library versions prior to 2.22 **Description** The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, by providing a malformed pattern that triggers an out-of-bounds read in the fnmatch function. **Recommendations** For versions prior to 2.22, update to version 2.22 or later to resolve the issue. As a temporary workaround, consider restricting the input to the fnmatch function to prevent malformed patterns from being processed.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.9.3 **Description** The issue is a heap-based buffer overflow in the `xmlGROW` function in `parser.c` in libxml2. This allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application. **Recommendations** For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `xmlGROW` function in `parser.c` to minimize the risk of exploitation. Avoid processing untrusted or specially crafted XML or HTML files with libxml2 until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.9.3 **Description** The issue is related to the xmlParseMisc function in parser.c, which allows context-dependent attackers to cause a denial of service due to an out-of-bounds heap read. This is related to incorrect entities boundaries and start tags. **Recommendations** For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the xmlParseMisc function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libxml2 (affected versions not specified) **Description** The issue is related to the xmlParseConditionalSections function in the libxml2 library, which can cause a denial of service due to an out-of-bounds read when parsing specially crafted XML data. This can lead to a crash. The problem arises because the function does not properly handle intermediary entities when it encounters invalid input. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.