Laurent Delosieres

**Name of the Vulnerable Software and Affected Versions** Clam AntiVirus versions 0.103.4 and prior versions Clam AntiVirus version 0.104.1 **Description** The issue is related to insufficient input validation in the OOXML parsing module. An attacker could exploit this by sending a specially crafted OOXML file to an affected device, potentially causing a denial of service condition due to improper checks that may result in an invalid pointer read. This could allow the attacker to crash the ClamAV scanning process. **Recommendations** For Clam AntiVirus versions 0.103.4 and prior versions, update to a version that includes the fix for this issue. For Clam AntiVirus version 0.104.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the processing of OOXML files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Zoom Client for Meetings for Windows versions prior to 5.5.4 **Description** The issue is related to the improper verification of cryptographic signatures for files with .msi, .ps1, and .bat extensions. This could allow a malicious actor to install malicious software on a customer's computer, potentially compromising the integrity of protected information. **Recommendations** For versions prior to 5.5.4, update to version 5.5.4 or later to resolve the issue. As a temporary workaround, consider restricting the execution of files with .msi, .ps1, and .bat extensions until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libexif version 0.6.21 **Description** The issue is related to an error when processing the EXIF IFD INTEROPERABILITY and EXIF IFD EXIF tags within the libexif library. This error can be exploited to exhaust available CPU resources, potentially leading to a denial of service. The vulnerability can be exploited by a remote attacker. **Recommendations** For libexif version 0.6.21, consider updating to a newer version that addresses this issue, although the specific fixed version is not provided in the available data. As a temporary workaround, consider restricting the processing of EXIF files or limiting the resources available to the libexif library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.8 **Description** A type confusion error within the `identify()` function in LibRaw can be exploited to trigger a division by zero, potentially leading to a denial of service. The issue is related to a lack of division by zero checking in the internal/dcraw common.cpp component of the image processing library. **Recommendations** For versions prior to 0.18.8, update to version 0.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the `identify()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.8 **Description** The issue is related to a boundary error within the `quicktake 100 load raw()` function in the internal/dcraw common.cpp component of the LibRaw library. This error can lead to a stack-based buffer overflow, causing a crash. Additionally, it may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 0.18.8, update to version 0.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the `quicktake 100 load raw()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.8 **Description** The issue is related to an error within the `leaf hdr load raw()` function in the internal/dcraw common.cpp component of LibRaw, which can be exploited to trigger a NULL pointer dereference. This can allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 0.18.8, update to version 0.18.8 or later to resolve the issue. As a temporary workaround, consider disabling the `leaf hdr load raw()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.7 **Description** The issue is related to an error in the `kodak radc load raw()` function, specifically with the `buf` variable, which can cause an out-of-bounds read memory access, leading to a crash. This can be exploited by a remote attacker to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 0.18.7, update to version 0.18.7 or later to resolve the issue. As a temporary workaround, consider disabling the `kodak radc load raw()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.7 **Description** The issue is related to errors in pointer dereferencing within the LibRaw library for image processing, specifically in the src/libraw cxx.cpp component. This can be exploited by a remote attacker to cause a denial of service. The `LibRaw::unpack()` function is particularly affected, allowing for a NULL pointer dereference. **Recommendations** For versions prior to 0.18.7, update to version 0.18.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `LibRaw::unpack()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** LibRaw versions prior to 0.18.7 **Description** The issue is related to an off-by-one error within the `LibRaw::kodak ycbcr load raw()` function in the internal/dcraw common.cpp component of the LibRaw library. This error can lead to a heap-based buffer overflow, causing a crash. The vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 0.18.7, update to version 0.18.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `LibRaw::kodak ycbcr load raw()` function until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** libsndfile version 1.0.28 **Description** The issue is related to an error in the `aiff read chanmap()` function, which can cause an out-of-bounds read memory access. This can be exploited via a specially crafted AIFF file, potentially allowing a remote attacker to compromise data confidentiality, integrity, and availability. **Recommendations** For libsndfile version 1.0.28, consider avoiding the use of the `aiff read chanmap()` function until a patch is available. As a temporary workaround, restrict the processing of AIFF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.