Marsman1996

Name of the Vulnerable Software and Affected Versions: Exiv2 versions v0.28.0 through v0.28.4 Description: A heap buffer overflow was found in Exiv2 when used to write metadata into a crafted image file. This issue can be exploited by an attacker to gain code execution if they can trick the victim into running Exiv2 on a crafted image file. The heap overflow is triggered by a less frequently used Exiv2 operation, which is writing the metadata. For example, to trigger the bug in the Exiv2 command-line application, an extra command-line argument such as `fixiso` is needed. Recommendations: For Exiv2 versions v0.28.0 through v0.28.4, update to version v0.28.5 to resolve the issue. As a temporary workaround, consider avoiding the use of Exiv2 for writing metadata until the issue is resolved. Restrict access to crafted image files to minimize the risk of exploitation. Avoid using Exiv2 with untrusted image files until the issue is resolved. At the moment, there are no other known workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Libming version 0.4.8 **Description** The issue allows a remote attacker to cause a denial of service via a crafted .swf file to the `makeswf` function. **Recommendations** For Libming version 0.4.8, consider disabling the `makeswf` function until a patch is available to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Matthias-Wandel/jhead version 3.06 **Description** The issue arises from jhead copying strings to a stack buffer when it detects a `&i` or `&o`, without checking the boundary of the stack buffer. This results in a stack buffer overflow problem when multiple `&i` or `&o` are given. The problem is related to the `shellescape()` function in `jhead.c`. **Recommendations** For version 3.06, consider avoiding the use of multiple `&i` or `&o` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCPrewrite version 4.4.3 **Description** An issue in TCPrewrite allows a remote attacker to cause a denial of service via the `ports2PORT` function at the "portmap.c:69" endpoint. **Recommendations** For TCPrewrite version 4.4.3, consider disabling the `ports2PORT` function as a temporary workaround until a patch is available. Restrict access to the "portmap.c:69" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Liblouis Lou Trace version 3.24.0 **Description** A Buffer Overflow issue allows a remote attacker to cause a denial of service via the `resolveSubtable` function at `compileTranslationTabel.c`. This issue can be exploited to disrupt service. **Recommendations** For Liblouis Lou Trace version 3.24.0, consider disabling the `resolveSubtable` function as a temporary workaround until a patch is available. Restrict access to the `compileTranslationTabel.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** TCPprep version 4.4.3 **Description** The issue allows a remote attacker to cause a denial of service via the `parse list` function. This is related to a pointer dereference issue in the PCAP file handler of the Tcpreplay utility. Exploitation of the issue may allow a remote attacker to cause a denial of service. **Recommendations** For TCPprep version 4.4.3, as a temporary workaround, consider disabling the `parse list` function until a patch is available. Restrict access to the list.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tcpreplay version 4.4.3 **Description** The issue is related to the `cidr2cidr()` function in the Tcpreplay utility, which can cause a denial of service when exploited by a remote attacker. This function is part of the PCAP file handler and is associated with an uncontrolled reachable assertion. The exploitation of this issue can allow a remote attacker to cause a denial of service. **Recommendations** For version 4.4.3, consider disabling the `cidr2cidr()` function as a temporary workaround until a patch is available. Restrict access to the `cidr.c` file to minimize the risk of exploitation. Avoid using the `cidr2cidr()` function in the affected endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** TCPReplay version 4.4.3 **Description** The issue allows a remote attacker to cause a denial of service via the `read hexstring` function. This is related to a pointer dereference issue in the `tcprewrite` editor of PCAP files in the Tcpreplay utility. The exploitation of this issue can allow a remote attacker to cause a denial of service. **Recommendations** For TCPReplay version 4.4.3, as a temporary workaround, consider disabling the `read hexstring` function until a patch is available. Restrict access to the `utils.c` file, specifically the endpoint at line 309, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCPreplay TCPprep version 4.4.3 **Description** The issue allows a remote attacker to cause a denial of service via the `parse endpoints()` function, which is related to pointer dereferencing. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For TCPreplay TCPprep version 4.4.3, consider disabling the `parse endpoints()` function as a temporary workaround until a patch is available. Restrict access to the parse endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Liblouis version 3.24.0 **Description** The issue is related to a buffer overflow vulnerability in the lou logFile function of the Liblouis translator, which is caused by copying a buffer without checking the size of the input data. This can be exploited by a remote attacker to cause a denial of service. The vulnerability is associated with the lou logFile function at the logginc.c endpoint. **Recommendations** For Liblouis version 3.24.0, consider disabling the lou logFile function as a temporary workaround until a patch is available. Restrict access to the logginc.c endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Liblouis version 3.24.0 **Description** The issue is related to a buffer overflow that can be triggered by a remote attacker, potentially causing a denial of service. This is associated with the `compileTranslationTable.c` and the `lou setDataPath` functions. The vulnerability involves uncontrolled copying of data, which can lead to service disruption. **Recommendations** For Liblouis version 3.24.0, consider disabling the `lou setDataPath` function and restricting access to the `compileTranslationTable.c` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tcpprep version 4.4.1 **Description** The issue is related to a reachable assertion in the `packet2tree()` function at `tree.c` in tcpprep. This assertion is `assert(l2len > 0)`, indicating a potential problem when the `l2len` variable is not greater than 0. **Recommendations** For tcpprep version 4.4.1, consider disabling the `packet2tree()` function until a patch is available to prevent potential issues related to the reachable assertion. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** tcpreplay version 4.3.4 **Description** The issue is related to a Reachable Assertion in the `add tree ipv6()` function at `tree.c`. **Recommendations** For tcpreplay version 4.3.4, consider restricting access to the `add tree ipv6()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** tcpreplay version 4.3.4 **Description** The issue is related to a Reachable Assertion in the `add tree ipv4()` function at `tree.c`. **Recommendations** For tcpreplay version 4.3.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ffjpeg version d5cfd49 (2021-12-06) **Description** A Null Pointer Dereference issue exists due to incomplete patching. When size information in the metadata of a bmp file is out of range, the program fails to assign a memory buffer to `pb->pdata` but continues execution, leading to a crash when trying to access `pb->data` in `jfif encode()` at jfif.c:763. **Recommendations** For ffjpeg version d5cfd49 (2021-12-06), as a temporary workaround, consider adding a check to ensure `pb->pdata` is assigned a valid memory buffer before accessing `pb->data` to prevent the program from crashing. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ngiflib version 0.4 **Description** The issue is related to a heap overflow in the `GetByte()` function at ngiflib.c:70 when operating in NGIFLIB NO FILE mode. This occurs because `GetByte()` reads from a memory buffer without properly checking its boundaries. **Recommendations** For ngiflib version 0.4, consider applying a patch or fix that properly bounds the memory buffer read by the `GetByte()` function to prevent the heap overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ngiflib version 0.4 **Description** The issue is a heap overflow in the `GetByteStr()` function at ngiflib.c:108 when in NGIFLIB NO FILE mode. This occurs because `GetByteStr()` copies a memory buffer without checking its boundary, leading to potential exploitation. **Recommendations** For ngiflib version 0.4, as a temporary workaround, consider disabling the `GetByteStr()` function until a patch is available. Restrict access to the `ngiflib.c` file, specifically the `GetByteStr()` function at line 108, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GPAC versions 0.8.0 through 1.0.1 Description: A heap-based buffer overflow issue exists in the `gp rtp builder do avc()` function, located in the `ietf/rtp pck mpeg4.c` file. Recommendations: For GPAC version 0.8.0, update to a version that fixes the issue. For GPAC version 1.0.1, update to a version that fixes the issue. As a temporary workaround, consider disabling the `gp rtp builder do avc()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC version 0.7.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash, via a crafted file. This occurs because the `cfg` variable could be NULL when the line `cfg new->AVCLevelIndication = cfg->AVCLevelIndication;` is executed in the `AVC DuplicateConfig()` function at `isomedia/avc ext.c`. **Recommendations** For GPAC version 0.7.1, consider adding a NULL check for the `cfg` variable before accessing its members in the `AVC DuplicateConfig()` function to prevent the NULL pointer dereference.

**Name of the Vulnerable Software and Affected Versions** ffjpeg versions prior to 2019-08-21 **Description** The issue is a heap-based buffer overflow in the `jfif load()` function at `jfif.c`. **Recommendations** For versions prior to 2019-08-21, update to a version released after 2019-08-21 to resolve the issue.