Mssalvatore

**Name of the Vulnerable Software and Affected Versions** Zim versions 0.72.1 and earlier **Description** The issue allows a malicious user to predict and create Zim's temporary directories, preventing other users from starting Zim and resulting in a denial of service. **Recommendations** For versions 0.72.1 and earlier, consider implementing a randomization mechanism for temporary directory names to prevent predictability and potential denial of service attacks. As a temporary workaround, restrict access to the temporary directory creation process to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: VCFTools versions prior to 0.1.15 Description: The issue is related to a use-after-free problem, which can lead to a Denial of Service or possibly other impacts such as code execution or information disclosure. The component affected is the header::add FILTER descriptor method in header.cpp. The attack vector involves the victim opening a specially crafted VCF file. Recommendations: For versions prior to 0.1.15, update to version 0.1.15 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the header::add FILTER descriptor method in header.cpp until a patch is available. Restrict access to specially crafted VCF files to minimize the risk of exploitation.