Marco Grassi

**Name of the Vulnerable Software and Affected Versions** HUAWEI Mate 20 versions earlier than 10.1.0.160 HUAWEI Mate 20 X versions earlier than 10.1.0.160 HUAWEI P30 Pro versions earlier than 10.1.0.160 Laya-AL00EP versions earlier than 10.1.0.160 Tony-AL00B versions earlier than 10.1.0.160 Tony-TL00B versions earlier than 10.1.0.160 **Description** There is an information disclosure issue in several smartphones. The device does not sufficiently validate the identity of smart wearable devices in certain specific scenarios. To launch the attack, the attacker needs to gain certain information in the victim's smartphone. Successful exploitation could cause information disclosure. **Recommendations** For HUAWEI Mate 20, update to version 10.1.0.160 or later. For HUAWEI Mate 20 X, update to version 10.1.0.160 or later. For HUAWEI P30 Pro, update to version 10.1.0.160 or later. For Laya-AL00EP, update to version 10.1.0.160 or later. For Tony-AL00B, update to version 10.1.0.160 or later. For Tony-TL00B, update to version 10.1.0.160 or later.

**Name of the Vulnerable Software and Affected Versions** cJSON versions prior to 2016-10-02 **Description** The issue is related to a buffer over-read in the `parse string` function in `cJSON.c`. This occurs when processing a string that starts with a " character and ends with a character. **Recommendations** For versions prior to 2016-10-02, update to a version released after 2016-10-02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 **Description** The issue involves the `WebSheet` component, which allows attackers to bypass a sandbox protection mechanism via unspecified vectors. This is related to errors in security settings, potentially enabling a remote attacker to exploit the issue and bypass the sandbox protection. **Recommendations** For iOS versions prior to 10.2, update to a version 10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `WebSheet` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.1 macOS versions prior to 10.12.1 tvOS versions prior to 10.0.1 watchOS versions prior to 3.1 **Description** The issue involves the CoreGraphics component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted JPEG file. This is caused by a buffer overflow in the CoreGraphics component of Mac OS X and iOS operating systems. **Recommendations** For iOS versions prior to 10.1, update to version 10.1 or later. For macOS versions prior to 10.12.1, update to version 10.12.1 or later. For tvOS versions prior to 10.0.1, update to version 10.0.1 or later. For watchOS versions prior to 3.1, update to version 3.1 or later.

**Name of the Vulnerable Software and Affected Versions** Dropbox lepton version 1.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by providing a crafted jpeg file. This is due to a problem in the process file function located in lepton/jpgcoder.cc. **Recommendations** For version 1.0, consider avoiding the use of the process file function until a fix is available, or refrain from processing untrusted jpeg files to minimize the risk of a denial of service.

**Name of the Vulnerable Software and Affected Versions** Dropbox lepton version 1.0 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. This is due to a problem in the setup imginfo jpg function in lepton/jpgcoder.cc. **Recommendations** For version 1.0, consider avoiding the use of the setup imginfo jpg function until a patch is available. As a temporary workaround, restrict the processing of crafted jpeg files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dropbox lepton version 1.0 **Description** The issue allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted jpeg file. This is due to a problem in the write ujpg function in lepton/jpgcoder.cc. **Recommendations** For version 1.0, consider avoiding the use of the write ujpg function until a patch is available. As a temporary workaround, restrict the processing of crafted jpeg files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dropbox lepton version 1.0 **Description** The issue allows remote attackers to cause denial of service (out-of-bounds write) via a crafted jpeg file. This is due to a problem in the build huffcodes function in lepton/jpgcoder.cc. **Recommendations** For version 1.0, consider avoiding the use of crafted jpeg files until a patch is available. As a temporary workaround, restrict the processing of jpeg files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dropbox lepton version 1.0 **Description** The issue allows remote attackers to cause a denial of service, resulting in a segmentation fault, by providing a crafted jpeg file. This is due to a problem in the setup imginfo jpg function located in lepton/jpgcoder.cc. **Recommendations** For version 1.0, consider avoiding the use of the setup imginfo jpg function until a patch is available. As a temporary workaround, restrict the processing of jpeg files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0 **Description** A remote code execution issue in the Framesequence library could allow an attacker to execute arbitrary code using a specially crafted file. This issue is related to inadequate access control in the library. The problem can be exploited by a remote attacker to execute code in the context of an unprivileged process. **Recommendations** For Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.8.10 **Description** The issue is related to the mishandling of skb truncation in the TCP stack, which can be exploited by local users to cause a denial of service, resulting in a system crash. This can be achieved through a crafted application that utilizes sendto system calls. The problem is associated with the net/ipv4/tcp ipv4.c and net/ipv6/tcp ipv6.c files. **Recommendations** For Linux kernel versions prior to 4.8.10, update to version 4.8.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.8.3 **Description** The issue allows local users to gain privileges or cause a denial of service due to a heap-based buffer overflow. This is caused by the `arcmsr iop message xfer` function in `drivers/scsi/arcmsr/arcmsr hba.c` not restricting a certain length field, which can be exploited via an ARCMSR MESSAGE WRITE WQBUFFER control code. **Recommendations** For Linux kernel versions prior to 4.8.3, update to version 4.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `arcmsr iop message xfer` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.7.5 **Description** The issue is related to the `tcp check send head` function in the Linux kernel, which does not properly maintain certain SACK state after a failed data copy. This allows local users to cause a denial of service, resulting in a `tcp xmit retransmit queue` use-after-free and system crash, via a crafted SACK option. **Recommendations** For Linux kernel versions prior to 4.7.5, update to version 4.7.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** MuPDF (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the pdf load xref function, which can be exploited by remote attackers using a crafted PDF file, leading to a denial of service (crash). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.3 Apple OS X versions prior to 10.11.6 Apple tvOS versions prior to 9.2.2 Apple watchOS versions prior to 2.2.2 **Description** The issue allows local users to cause a denial of service via unspecified vectors, resulting in a NULL pointer dereference. **Recommendations** For Apple iOS versions prior to 9.3.3, update to version 9.3.3 or later. For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later. For Apple tvOS versions prior to 9.2.2, update to version 9.2.2 or later. For Apple watchOS versions prior to 2.2.2, update to version 2.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.6 **Description** The issue is related to insufficient access control in the Intel graphics driver of Mac OS X, which can be exploited by a local attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Intel graphics driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Intel Graphics Driver in Apple OS X versions prior to 10.11.5 **Description** The issue is related to errors in security settings of the Intel Graphics Driver component in Mac OS X, allowing a remote attacker to obtain sensitive kernel memory-layout information using a specially crafted app. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. It is caused by a buffer overflow in the IOFireWireFamily component. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the IOFireWireFamily component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is related to a buffer overflow in the Multi-Touch subsystem of the operating system, which can be exploited by a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IOHIDFamily in Apple iOS versions prior to 9.3.2 IOHIDFamily in Apple OS X versions prior to 10.11.5 IOHIDFamily in Apple tvOS versions prior to 9.2.1 IOHIDFamily in Apple watchOS versions prior to 2.2.1 **Description** The issue is caused by a buffer overflow in the IOHIDFamily component of iOS and Mac OS X operating systems. Exploitation of this issue may allow a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For iOS versions prior to 9.3.2, update to version 9.3.2 or later. For OS X versions prior to 10.11.5, update to version 10.11.5 or later. For tvOS versions prior to 9.2.1, update to version 9.2.1 or later. For watchOS versions prior to 2.2.1, update to version 2.2.1 or later.