Mondaylord

**Name of the Vulnerable Software and Affected Versions** faad2 version 2.10.1 **Description** A Buffer Overflow issue allows a remote attacker to execute arbitrary code and cause a denial of service via the `mp4info` function in `mp4read.c` at line 1039. **Recommendations** For faad2 version 2.10.1, consider disabling the `mp4info` function in `mp4read.c` as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libxlsv version 1.6.2 **Description** A Buffer Overflow issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the `transcode latin1 to utf8` function in `xlstool.c`. **Recommendations** For libxlsv version 1.6.2, consider disabling the `transcode latin1 to utf8` function in `xlstool.c` as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libxls version 1.6.2 **Description** The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the `get string` function in `xlstool.c:395`. This enables the attacker to potentially disrupt service and execute malicious code. **Recommendations** For version 1.6.2, consider disabling the `get string` function in `xlstool.c` until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libxlsv version 1.6.2 **Description** The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the `get string` function in `xlstool.c:411`. **Recommendations** For libxlsv version 1.6.2, consider disabling the `get string` function in `xlstool.c` until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** faad2 version 2.10.1 **Description** The issue allows a remote attacker to execute arbitrary code and cause a denial of service via the `stcoin` function in `mp4read.c`. **Recommendations** For faad2 version 2.10.1, consider disabling the `stcoin` function in `mp4read.c` as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libxls version 1.6.2 **Description** The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the `xls parseWorkBook` function in `xls.c:1018`. This is a buffer overflow vulnerability. **Recommendations** For libxls version 1.6.2, consider disabling the `xls parseWorkBook` function until a patch is available to prevent exploitation. Restrict access to the vulnerable `xls.c` file to minimize the risk of arbitrary code execution. Avoid using the vulnerable function with crafted XLS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libxlsv version 1.6.2 **Description** The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the `unicode decode wcstombs` function in xlstool.c:266. This can lead to the execution of arbitrary code, resulting in a denial of service. **Recommendations** For libxlsv version 1.6.2, consider disabling the `unicode decode wcstombs` function until a patch is available to prevent the execution of arbitrary code. Restrict access to the xlstool.c module to minimize the risk of exploitation. Avoid using the affected function with crafted XLS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libxls version 1.6.2 **Description** The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the `xls parseWorkBook` function in `xls.c:1015`. This can lead to the execution of arbitrary code and denial of service. **Recommendations** For libxls version 1.6.2, consider disabling the `xls parseWorkBook` function until a patch is available to prevent exploitation. Restrict access to the `xls.c` file to minimize the risk of exploitation. Avoid using the `xls parseWorkBook` function with crafted XLS files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stress-test version e4c878 **Description** A FPE vulnerability was discovered in the stress-test master commit via the `combine inner` component at the `/pixman-combine-float.c` file. **Recommendations** For version e4c878, consider restricting access to the `combine inner` component until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** faust version ee39a19 **Description** A stack overflow issue was discovered in the `boxppShared::print()` component at `/boxes/ppbox.cpp`. This issue affects the faust software. **Recommendations** For faust version ee39a19, consider disabling the `boxppShared::print()` function as a temporary workaround until a patch is available. Restrict access to the `/boxes/ppbox.cpp` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** fdkaac versions prior to 1.0.5 **Description** A heap buffer overflow was discovered in the `caf info` function in `caf reader.c`. **Recommendations** For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `caf info` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** fdkaac versions prior to 1.0.5 **Description** The issue is related to a stack overflow in the `read callback` function located in `src/main.c`. This indicates a potential buffer overflow condition that could be exploited. **Recommendations** For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `read callback` function in `src/main.c` until a patch is applied.