Pinar Yanardag

**Name of the Vulnerable Software and Affected Versions** GNU MPFR version 2.4.0 GNU MPFR versions prior to 2.4.1 **Description** The issue concerns buffer overflows in the `mpfr snprintf` and `mpfr vsnprintf` functions, which can be exploited by context-dependent attackers to cause a denial of service, resulting in a crash. The vulnerability can also lead to violations of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. **Recommendations** For GNU MPFR version 2.4.0, update to version 2.4.1 or later to resolve the issue. For GNU MPFR versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of the `mpfr snprintf` and `mpfr vsnprintf` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Poppler versions prior to 0.10.4 **Description** The issue allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry. This is due to a problem in the FormWidgetChoice::loadDefaults function. **Recommendations** For versions prior to 0.10.4, update to version 0.10.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Poppler versions prior to 0.10.4 **Description** The issue allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error. This error is not properly handled by the JBIG2SymbolDict destructor and triggers an invalid memory dereference in the JBIG2Stream::readSymbolDictSeg function. **Recommendations** For versions prior to 0.10.4, update to version 0.10.4 or later to resolve the issue.