Metacom

**Name of the Vulnerable Software and Affected Versions** VideoCharge Studio version 2.12.3.685 **Description** A stack-based buffer overflow exists when processing a specially crafted .VSC configuration file. The issue is due to improper handling of user-supplied data in the XML `Name` attribute, leading to an SEH overwrite condition. An attacker can exploit this by convincing a user to open a malicious .VSC file, resulting in arbitrary code execution under the context of the user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PDF Shaper versions 3.5 and 3.6 **Description** A buffer overflow exists when converting a crafted PDF file to an image using the 'Convert PDF to Image' functionality. An attacker can exploit this by tricking a user into opening a malicious PDF file, potentially leading to arbitrary code execution under the user's context. This has been verified on Windows XP, 7, 8, and 10 platforms using the `PDFTools.exe` component. **Recommendations** PDF Shaper version 3.5: At the moment, there is no information about a newer version that contains a fix for this vulnerability. PDF Shaper version 3.6: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Aplioxio PDF ShapingUp version 5.0.0.139 Description: The issue is a buffer overflow that allows attackers to cause a denial of service (DoS) via a crafted PDF file. Recommendations: For Aplioxio PDF ShapingUp version 5.0.0.139, consider avoiding the use of crafted PDF files until a patch is available. As a temporary workaround, restrict the processing of PDF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ALLPlayer versions 5.6.2 through 5.8.1 **Description** The issue is caused by a buffer overflow that can be triggered by a long string in a .m3u (playlist) file, potentially allowing remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. **Recommendations** For versions 5.6.2 through 5.8.1, update to a version that fixes the buffer overflow issue to prevent potential code execution and denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** Steinberg MyMp3PRO version 5.0 (Build 5.1.0.21) **Description** The issue is a buffer overflow that allows remote attackers to execute arbitrary code via a long string in a .m3u file. **Recommendations** For Steinberg MyMp3PRO version 5.0 (Build 5.1.0.21), at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** VideoCharge Software Watermark Master version 2.2.23 **Description** A buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a long string in the `SourcePath` value in a .wcf file. **Recommendations** For version 2.2.23, consider updating to a newer version that contains a fix for this issue, as using a long string in the `SourcePath` value can lead to arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.