Mmmds

**Name of the Vulnerable Software and Affected Versions** teeworlds version 0.7.5 **Description** A heap use-after-free issue in the CDataFileReader::GetItem component allows attackers to cause a Denial of Service (DoS) via a crafted map file. **Recommendations** For teeworlds version 0.7.5, consider avoiding the use of crafted map files until a patch is available. As a temporary workaround, restrict access to the CDataFileReader::GetItem component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Teeworlds versions up to and including 0.7.5 **Description** The issue arises from a map parser that does not validate the `m Channels` value coming from a map file, leading to a buffer overflow. A malicious server can offer a specially crafted map that will overwrite the client's stack, causing denial of service or code execution. **Recommendations** For Teeworlds versions up to and including 0.7.5, as a temporary workaround, consider disabling the map parser function until a patch is available. Restrict access to malicious servers to minimize the risk of exploitation. Avoid using maps from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TuxGuitar version 1.5.4 **Description** An issue was discovered in the io/gpx/GPXDocumentReader.java file, where misconfigured XML parsers lead to XXE (XML External Entity) attacks while loading GP6 (.gpx) and GP7 (.gp) tablature files. **Recommendations** For TuxGuitar version 1.5.4, consider disabling the `GPXDocumentReader` function until a patch is available to prevent XXE attacks. Restrict the loading of GP6 and GP7 files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** e6y prboom-plus version 2.5.1.5 **Description** An issue was discovered in the client and server code responsible for handling received UDP packets. This issue is a buffer overflow, as demonstrated by `I SendPacket` or `I SendPacketTo` in `i network.c`. **Recommendations** For version 2.5.1.5, consider disabling the `I SendPacket` and `I SendPacketTo` functions in `i network.c` as a temporary workaround until a patch is available. Restrict access to the UDP packet handling code to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.