Nemux

Name of the Vulnerable Software and Affected Versions: EDIMAX IC-3140W versions 3.06 and earlier EDIMAX IC-5150W versions 3.09 and earlier EDIMAX IC-6220DC versions 3.06 and earlier Description: An issue was discovered in EDIMAX devices, where the ipcam cgi binary contains a stack-based buffer overflow. This can be triggered remotely without authentication through the "/camera-cgi/public/getsysyeminfo.cgi" API endpoint by sending an HTTP request with a VALUE HERE length of more than 1024 characters, allowing an attacker to overwrite other values on the stack due to the incorrect use of the strcpy() function. Recommendations: For EDIMAX IC-3140W versions 3.06 and earlier, update to a version that fixes the issue with the ipcam cgi binary. For EDIMAX IC-5150W versions 3.09 and earlier, update to a version that fixes the issue with the ipcam cgi binary. For EDIMAX IC-6220DC versions 3.06 and earlier, update to a version that fixes the issue with the ipcam cgi binary. As a temporary workaround, consider restricting access to the "/camera-cgi/public/getsysyeminfo.cgi" API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libquicktime versions 1.2.4 and earlier **Description** The issue is related to an integer overflow in the `quicktime read pascal` function, which can be triggered by a crafted hdlr MP4 atom. This can lead to a denial of service or potentially other unspecified impacts. **Recommendations** For libquicktime versions 1.2.4 and earlier, consider updating to a version later than 1.2.4 to resolve the issue. As a temporary workaround, restrict the processing of crafted hdlr MP4 atoms to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libsndfile version 1.0.25 **Description** The issue is related to a heap-based buffer overflow that can be triggered by the headindex value in the header of an AIFF file. This allows remote attackers to have an unspecified impact. **Recommendations** For libsndfile version 1.0.25, consider updating to a newer version that addresses this issue. As a temporary workaround, restrict the processing of AIFF files with potentially malicious headindex values in the header. Avoid using the `headindex` value in the AIFF file header until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.