Nigelxo

**Name of the Vulnerable Software and Affected Versions** Allegro versions 5.2.6 and earlier **Description** The issue allows attackers to cause a denial of service via crafted PCX, TGA, or BMP files to the allegro image addon. **Recommendations** For Allegro versions 5.2.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** diplib version 3.0.0 **Description** The issue is related to a Double Free vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For diplib version 3.0.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jhead version 3.06 **Description** The issue is related to a Buffer Overflow that occurs via the exif.c file in the function `Put16u()`. This is a general information about the problem, but specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited are not provided. **Recommendations** For jhead version 3.06, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: GPAC version 0.5.2 Description: A NULL pointer dereference issue exists in the `isomedia/track.c` module's `MergeTrack()` function, allowing attackers to execute arbitrary code or cause a Denial-of-Service (DoS) by uploading a malicious MP4 file. Recommendations: For GPAC version 0.5.2, consider disabling the `MergeTrack()` function until a patch is available to prevent exploitation. Restrict access to uploading MP4 files to minimize the risk of arbitrary code execution or DoS.

Name of the Vulnerable Software and Affected Versions: Libsixel version 1.8.6 Description: The issue is related to a Buffer Overflow in the `sixel encoder encode bytes` function, which can be exploited by attackers to cause a Denial of Service (DoS). Recommendations: For Libsixel version 1.8.6, consider disabling the `sixel encoder encode bytes` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** tsMuxer version 2.6.16 **Description** The issue allows attackers to cause a Denial of Service (DoS) by running the application with a malicious WAV file. This can be achieved through a Buffer Overflow. **Recommendations** For tsMuxer version 2.6.16, avoid using the application with untrusted WAV files until a patch is available. As a temporary workaround, consider validating all input files to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: exif versions 0.6.22 and earlier Description: The issue allows attackers to cause a Denial of Service (DoS) by uploading a malicious JPEG file, causing the application to crash. This occurs when printing out XML formatted EXIF data using the exif command line tool. Recommendations: For exif versions 0.6.22 and earlier, consider updating to a version later than 0.6.22 to resolve the issue. As a temporary workaround, restrict the upload of JPEG files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libcaca (affected versions not specified) **Description** A flaw was found in the libcaca library, specifically a heap buffer overflow in the `export tga` function within the `export.c` file. This issue may lead to memory corruption and other potential consequences. The vulnerability is related to a buffer overflow operation that can cause memory damage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libcaca (affected versions not specified) **Description** The issue is related to a buffer overflow in the export.c file, specifically in the export troff function of the libcaca graphic library, which is used for converting images to ASCII art. This buffer overflow can lead to memory corruption. The exploitation of this issue may allow a remote attacker to cause memory damage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.4.0 **Description** The issue is related to an integer overflow in OpenJPEG, which can be triggered by a remote attacker using the command line option "-ImgDir" on a directory containing a large number of files, specifically 1048576 files. This can cause the application to crash, resulting in a Denial of Service (DoS). The vulnerability is associated with incorrect handling of a directory with a large number of files. **Recommendations** For OpenJPEG version 2.4.0, consider avoiding the use of the "-ImgDir" command line option on directories with a large number of files until a patch is available. As a temporary workaround, restrict the number of files in the directory to prevent the integer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.