Ninpwn

Name of the Vulnerable Software and Affected Versions: Nothings stb up to f056911 Description: A critical issue was found in Nothings stb, affecting the `stb dupreplace` function. The manipulation leads to integer overflow, and the attack may be launched remotely. The product uses continuous delivery with rolling releases, so no version details of affected or updated releases are available. The vendor was contacted early about this disclosure but did not respond. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nothings stb versions up to f056911 Description: A critical issue was found in the function `stbhw build tileset from image`. The manipulation of the arguments `h count` and `v count` leads to an out-of-bounds read. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. Recommendations: For versions up to f056911, as a temporary workaround, consider restricting the use of the `stbhw build tileset from image` function until a fix is available. Avoid manipulating the `h count` and `v count` arguments in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nothings stb up to f056911 Description: A vulnerability was found in the function `stbhw build tileset from image` of the component Header Array Handler. The manipulation of the argument `w` leads to an out-of-bounds read. It is possible to launch the attack remotely. Recommendations: As a temporary workaround, consider restricting the use of the `stbhw build tileset from image` function until a fix is available. Avoid manipulating the argument `w` in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Nothings stb up to f056911 Description: A critical vulnerability has been found in Nothings stb, affecting the `stb include string` function. The manipulation of the `path to includes` argument leads to a stack-based buffer overflow. This issue can be exploited remotely. The vendor was contacted about this disclosure but did not respond. Recommendations: For Nothings stb up to f056911, as a temporary workaround, consider disabling the `stb include string` function until a patch is available. Restrict access to the `path to includes` argument to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Novastar CX40 versions up to 2.44.0 **Description** A critical vulnerability has been found in the NetFilter Utility component of Novastar CX40. The issue affects the `system/popen` function of the `/usr/nova/bin/netconfig` file, leading to command injection. The exploit has been publicly disclosed. **Recommendations** For versions up to 2.44.0, as a temporary workaround, consider restricting access to the `system/popen` function in the `/usr/nova/bin/netconfig` file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Novastar CX40 versions up to 2.44.0 **Description** A critical issue affects the `getopt` function of the `/usr/nova/bin/netconfig` file in the NetFilter Utility component. The manipulation of the `cmd`, `netmask`, `pipeout`, or `nettask` arguments leads to a stack-based buffer overflow. The exploit has been publicly disclosed. **Recommendations** For Novastar CX40 versions up to 2.44.0, as a temporary workaround, consider disabling the `getopt` function in the `/usr/nova/bin/netconfig` file until a patch is available. Restrict access to the NetFilter Utility component to minimize the risk of exploitation. Avoid using the `cmd`, `netmask`, `pipeout`, or `nettask` arguments in the affected `getopt` function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** GNOME libgsf versions up to 1.14.53 **Description** A critical issue affects the function `gsf property settings collec`. The manipulation of the argument `n alloced params` leads to a heap-based buffer overflow. This issue requires local attack capabilities. The vendor was contacted about this disclosure but did not respond. **Recommendations** For GNOME libgsf versions up to 1.14.53, as a temporary workaround, consider restricting access to the `gsf property settings collec` function until a patch is available. Avoid manipulating the `n alloced params` argument in the affected function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNOME libgsf versions up to 1.14.53 **Description** A critical issue was found in the function `gsf base64 encode simple`, where the manipulation of the argument `size t` leads to a heap-based buffer overflow. This issue can be exploited locally. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For GNOME libgsf versions up to 1.14.53, as a temporary workaround, consider restricting the use of the `gsf base64 encode simple` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNOME libgsf versions up to 1.14.53 **Description** A critical issue affects the function `gsf prop settings collect va` due to the manipulation of the argument `n alloced params`, leading to a heap-based buffer overflow. This issue requires local access to exploit. The vendor was contacted about this disclosure but did not respond. **Recommendations** For GNOME libgsf versions up to 1.14.53, consider restricting access to the `gsf prop settings collect va` function until a patch is available. As a temporary workaround, avoid manipulating the `n alloced params` argument to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNOME libgsf versions up to 1.14.53 **Description** A problematic vulnerability has been found in the sorting key copy function of GNOME libgsf. The manipulation of the `Name` argument leads to an out-of-bounds read. This issue can be exploited locally. The vendor was contacted about this disclosure but did not respond. **Recommendations** For GNOME libgsf versions up to 1.14.53, as a temporary workaround, consider restricting the use of the `sorting key copy` function until a patch is available. Avoid manipulating the `Name` argument in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A problem has been found in the function `vbi strndup iconv ucs2` of the file src/conv.c. The manipulation of the argument `src length` leads to an uninitialized pointer. It is possible to launch the attack remotely. The issue has been disclosed to the public. The code maintainer was informed beforehand about the issues and reacted quickly and professionally. **Recommendations** For libzvbi versions 0.2.43 and earlier, update to version 0.2.44 to address this issue. As a temporary workaround, consider restricting the use of the `vbi strndup iconv ucs2` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A critical issue has been found that affects the `vbi search new` function in the src/search.c file. The manipulation of the `pat len` argument leads to an integer overflow. This issue can be exploited remotely. The code maintainer was informed about the issues beforehand and reacted quickly and professionally. **Recommendations** For libzvbi versions 0.2.43 and earlier, update to version 0.2.44 to address this issue. As a temporary workaround, consider restricting the use of the `vbi search new` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A critical issue has been found in libzvbi, affecting the `vbi capture sim load caption` function in the src/io-sim.c file. This issue leads to an integer overflow and can be initiated remotely. The code maintainer was informed beforehand and reacted quickly and professionally. **Recommendations** For libzvbi versions 0.2.43 and earlier, update to version 0.2.44 to address this issue. As a temporary workaround, consider disabling the `vbi capture sim load caption` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A vulnerability was found in the function ` vbi strndup iconv`. The manipulation leads to integer overflow. The attack may be launched remotely. **Recommendations** For libzvbi versions 0.2.43 and earlier, upgrade to version 0.2.44 to address this issue. As a temporary workaround, consider restricting the use of the ` vbi strndup iconv` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A problem has been found in the function `vbi strndup iconv ucs2` of the file src/conv.c. The manipulation of the argument `src length` leads to an integer overflow. This issue can be exploited remotely. The code maintainer was informed about the issues beforehand and reacted quickly and professionally. **Recommendations** For libzvbi versions 0.2.43 and earlier, update to version 0.2.44 to address this issue. As a temporary workaround, consider restricting the use of the `vbi strndup iconv ucs2` function until the update is applied.