Michael Randrianantenaina

**Name of the Vulnerable Software and Affected Versions** GIMP (affected versions not specified) **Description** A flaw exists in GIMP related to parsing XWD files. Insufficient validation of user-supplied data can lead to a write past the end of an allocated buffer. This could allow a remote attacker to execute code in the context of the current process. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GStreamer (affected versions not specified) Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with the library is required for exploitation, with attack vectors varying based on implementation. The flaw resides within the parsing of H266 sei messages, stemming from insufficient validation of user-supplied data length before copying it to a fixed-length stack-based buffer. An attacker can leverage this to execute code within the current process context. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GIMP (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations. It requires user interaction, such as visiting a malicious page or opening a malicious file. The flaw exists within the parsing of ICO files due to the lack of proper validation of user-supplied data, resulting in an integer overflow before writing to memory. This can be leveraged to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified) Description: The issue is related to an integer overflow in GIMP's XWD file parsing, which can lead to remote code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GIMP (affected versions not specified) Description: The issue is related to out-of-bounds write remote code execution in GIMP's FLI file parsing. This could potentially allow for remote code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Bluetooth functionality in the Linux kernel, specifically with the `hci event` and the alignment of BR/EDR JUST WORKS pairing with LE. This alignment ensures that user confirmation is always requested for Just Works, following a dedicated policy around the JUST WORKS method. The vulnerability is associated with incorrect authorization, potentially allowing a remote attacker to impact the confidentiality of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlueZ versions prior to a currently unspecified fix Linux kernel versions 6.1 through 6.1.119-1~deb11u1 Linux kernel (Azure) (affected versions not specified) Linux kernel (AWS) (affected versions not specified) Linux kernel (OEM) (affected versions not specified) Linux kernel (HWE) (affected versions not specified) **Description** Multiple vulnerabilities exist within BlueZ and the Linux kernel. A critical vulnerability in BlueZ allows for remote code execution due to improper access control within the HID over GATT Profile. Authentication is not required for exploitation. Additionally, vulnerabilities have been discovered in the Linux kernel that could lead to privilege escalation, denial of service, or information leaks. Specifically, Debian 11 bullseye has received updates to address these kernel vulnerabilities, with fixes included in version 6.1.119-1~deb11u1. These vulnerabilities impact various Linux kernel configurations including Azure, AWS, OEM, and HWE. **Recommendations** Upgrade BlueZ to the latest available version. Upgrade the Linux kernel to version 6.1.119-1~deb11u1 on Debian 11 bullseye systems. Apply available security updates for Linux kernel (Azure), Linux kernel (AWS), Linux kernel (OEM), and Linux kernel (HWE) configurations.

**Name of the Vulnerable Software and Affected Versions** GStreamer (affected versions not specified) **Description** The issue is related to an integer overflow when handling EXIF metadata in files, allowing remote attackers to execute arbitrary code on affected installations. The flaw exists within the parsing of EXIF metadata due to the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GStreamer versions prior to 1.22.9 **Description** This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of tile list data within AV1-encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** For versions prior to 1.22.9, update to version 1.22.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of AV1-encoded video files until a patch is available. Avoid using the `tile list data` parsing functionality in the affected AV1 codec parser until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GStreamer (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of metadata within AV1 encoded video files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GIMP (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DDS files, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this issue to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GIMP (affected versions not specified) **Description** The issue is related to an integer overflow in the parsing of PSP files, which can be exploited by remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required, where the target must visit a malicious page or open a malicious file. The problem stems from the lack of proper validation of user-supplied data, leading to an integer overflow before writing to memory. This allows an attacker to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GStreamer (affected versions not specified) **Description** The issue is related to a heap-based buffer overflow in the AV1 Codec parsing of the GStreamer multimedia framework. This allows remote attackers to execute arbitrary code on affected installations. The flaw exists within the parsing of AV1 encoded video files due to the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GStreamer (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of MXF video files, resulting from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GIMP (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files, resulting from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this issue to execute arbitrary code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GIMP (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. Crafted data in a PSP file can trigger an off-by-one error when calculating a location to write within a heap-based buffer. An attacker can leverage this issue to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** GStreamer (affected versions not specified) **Description** The issue is related to a stack-based buffer overflow in the parsing of H265 encoded video files. This allows remote attackers to execute arbitrary code on affected installations of GStreamer. The vulnerability results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GStreamer (affected versions not specified) **Description** The issue is related to an integer overflow in the parsing of MXF video files, which can result from the lack of proper validation of user-supplied data. This can lead to an integer overflow before allocating a buffer, allowing an attacker to execute code in the context of the current process. The vulnerability can be exploited by remote attackers who interact with the library, and attack vectors may vary depending on the implementation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GStreamer (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of MDPR chunks, resulting from the lack of proper validation of user-supplied data, which can cause an integer overflow before allocating a buffer. An attacker can leverage this issue to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GStreamer (affected versions not specified) **Description** The issue is related to an integer overflow in the MDPR component of the GStreamer multimedia framework. This allows remote attackers to execute arbitrary code on affected installations of GStreamer. The specific flaw exists within the parsing of MDPR chunks, resulting from the lack of proper validation of user-supplied data, which can lead to an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.