Mike Salvatore

**Name of the Vulnerable Software and Affected Versions** Audacity versions 2.3.3 and earlier **Description** The issue is related to the default permission settings in Audacity. When Audacity creates temporary files, it saves them to `/var/tmp/audacity-$USER` and sets the permissions to 755. This allows any user on the system to read and play the temporary audio `.au` files located there. The vulnerability may allow an attacker to access confidential data. **Recommendations** For Audacity versions 2.3.3 and earlier, consider changing the default temporary directory permissions to restrict access to sensitive audio files. As a temporary workaround, restrict access to the `/var/tmp/audacity-$USER` directory to minimize the risk of exploitation. Update to a version later than 2.3.3 to fully resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Sigil versions prior to 0.9.16 **Description** The issue exists due to incorrect restriction of the path name to a directory with limited access. This can be exploited by a remote attacker to write arbitrary files to any directory. The vulnerability is related to a directory traversal issue, where attackers can write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. **Recommendations** For versions prior to 0.9.16, update to version 0.9.16 or later to resolve the issue. As a temporary workaround, consider restricting access to ZIP archive entries to minimize the risk of exploitation. Avoid using the vulnerable software to extract ZIP archives from untrusted sources until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Zipios versions prior to 0.1.7 **Description** The issue is related to the handling of certain malformed zip archives, which can cause the software to go into an infinite loop, resulting in a denial of service. This is associated with the `readUint32()` function in `zipheadio.h` and the `Zipfile::Zipfile()` function in `zipfile.cpp`. **Recommendations** For versions prior to 0.1.7, update to version 0.1.7 or later to resolve the issue. As a temporary workaround, consider restricting the handling of malformed zip archives to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FlightCrew versions 0.9.2 and earlier **Description** An issue was discovered that causes a NULL pointer dereference in certain functions when a NULL pointer is passed to `xc::XMLUri::isValidURI()`. This issue affects third-party software that uses FlightCrew as a library. **Recommendations** For FlightCrew versions 0.9.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FlightCrew versions 0.9.2 and older **Description** The issue is related to insufficient input validation in the EPUB validator, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. This can enable an attacker to record arbitrary files in any directory of the Zip archive. **Recommendations** For FlightCrew versions 0.9.2 and older, as a temporary workaround, consider restricting the handling of ZIP archive entries to prevent directory traversal attacks until a patch is available. Avoid using the ZIP extraction feature with untrusted archives until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SoX versions 14.4.1 and earlier **Description** The issue is related to multiple heap-based buffer overflows that can be triggered by remote attackers sending a crafted WAV file. This can affect the `start read` or `AdpcmReadBlock` function, potentially leading to unspecified impact. **Recommendations** For SoX versions 14.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.