Op7Ic

**Name of the Vulnerable Software and Affected Versions** icoutils version 0.31.1 **Description** A buffer overflow issue was found in the `decode ne resource id` function, located in the `restable.c` source file. This occurs because the `len` parameter for `memcpy` is not checked for size, resulting in a negative integer and a failed `memcpy` operation. **Recommendations** For icoutils version 0.31.1, as a temporary workaround, consider disabling the `decode ne resource id` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Artifex Software, Inc. MuJS versions prior to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a **Description** An issue was discovered in the MakeDay function in jsdate.c, which does not validate the month. This leads to an integer overflow when parsing a specially crafted JS file. **Recommendations** For versions prior to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a, consider updating to a version that includes the fix for the MakeDay function issue. As a temporary workaround, consider restricting the use of the MakeDay function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Artifex Software, Inc. MuJS versions prior to 4006739a28367c708dea19aeb19b8a1a9326ce08 **Description** The issue is related to the `jsR setproperty` function in `jsrun.c`, which lacks a check for a negative array length. This leads to an integer overflow in the `js pushstring` function when parsing a specially crafted JS file. **Recommendations** For versions prior to 4006739a28367c708dea19aeb19b8a1a9326ce08, consider updating to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the `jsR setproperty` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MuJS versions prior to fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045 **Description** An integer overflow issue was found in the `regemit` function in `regexp.c`. This issue can be triggered by a regular expression with nested repetition, potentially leading to code execution or a denial of service condition due to a buffer overflow. **Recommendations** For versions prior to fa3d30fd18c348bb4b1f3858fb860f4fcd4b2045, update to a version that includes the fix for this issue to prevent potential code execution or denial of service.

**Name of the Vulnerable Software and Affected Versions** BlueZ version 5.42 **Description** A buffer overflow issue was found in the `set ext ctrl` function located in the `tools/parser/l2cap.c` source file when handling a corrupted dump file. **Recommendations** For BlueZ version 5.42, as a temporary workaround, consider disabling the `set ext ctrl` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** BlueZ version 5.42 **Description** A buffer overflow issue was observed in the `commands dump` function in the `tools/parser/csr.c` source file. This issue occurs due to the lack of boundary checks on the size of the buffer from the `frm->ptr` parameter, causing the `commands` array to overflow when a corrupted dump file is processed. As a result, this issue can lead to a crash of the hcidump. **Recommendations** For BlueZ version 5.42, as a temporary workaround, consider disabling the `commands dump` function in the `tools/parser/csr.c` source file until a patch is available. Restrict access to corrupted dump files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** BlueZ version 5.42 **Description** A buffer overflow issue was found in the `read n` function in the `tools/hcidump.c` source file. This issue can be triggered by processing a corrupted dump file, resulting in the hcidump crash. **Recommendations** For BlueZ version 5.42, as a temporary workaround, consider disabling the `read n` function in the `tools/hcidump.c` source file until a patch is available. Avoid using the affected `hcidump` tool with untrusted dump files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BlueZ version 5.42 **Description** An out-of-bounds read issue was found in the `le meta ev dump` function, located in the `tools/parser/hci.c` source file. This occurs because the `subevent` variable, used to read the correct element from the `ev le meta str` array, is overflowed. **Recommendations** For BlueZ version 5.42, as a temporary workaround, consider disabling the `le meta ev dump` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlueZ version 5.42 **Description** A buffer over-read issue was found in the `l2cap dump` function in the `tools/parser/l2cap.c` source file. This issue can be triggered by processing a corrupted dump file, resulting in an hcidump crash. **Recommendations** For BlueZ version 5.42, as a temporary workaround, consider disabling the `l2cap dump` function in the `tools/parser/l2cap.c` source file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** BlueZ version 5.42 **Description** A use-after-free issue was identified in the `conf opt` function in the `tools/parser/l2cap.c` source file. This issue can be triggered by processing a corrupted dump file, resulting in an hcidump crash. **Recommendations** For BlueZ version 5.42, as a temporary workaround, consider disabling the `conf opt` function until a patch is available. Restrict access to corrupted dump files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** BlueZ version 5.42 **Description** A buffer overflow issue was found in the `pin code reply dump` function, located in the `tools/parser/hci.c` source file. This occurs because the `pin` array is overflowed by a supplied parameter due to a lack of boundary checks on the size of the buffer from the `pin code reply cp *cp` parameter. **Recommendations** For BlueZ version 5.42, consider disabling the `pin code reply dump` function until a patch is available to prevent potential exploitation of this issue.

**Name of the Vulnerable Software and Affected Versions** MuJS versions prior to 5c337af4b3df80cf967e4f9f6a21522de84b392a **Description** A use-after-free issue was found in the Rp toString function, which can be exploited to achieve code execution or cause a denial of service condition. **Recommendations** For versions prior to 5c337af4b3df80cf967e4f9f6a21522de84b392a, update to a version that includes the fix for the Rp toString function issue.

**Name of the Vulnerable Software and Affected Versions** MuJS versions prior to 5000749f5afe3b956fc916e407309de840997f4a **Description** An out-of-bounds read issue was found in the Sp replace regexp function, potentially leading to code execution or a denial of service condition. **Recommendations** For versions prior to 5000749f5afe3b956fc916e407309de840997f4a, update to a version that includes the fix for this issue to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** MuJS versions prior to 8c805b4eb19cf2af689c860b77e6111d2ee439d5 **Description** A buffer overflow issue was found in the `divby` function, which can be exploited to achieve code execution or cause a denial of service condition. **Recommendations** For versions prior to 8c805b4eb19cf2af689c860b77e6111d2ee439d5, consider updating to a version that includes the fix for this issue to prevent potential code execution or denial of service. As a temporary workaround, consider restricting the use of the `divby` function until a patch is available.