Piotr Bania

**Name of the Vulnerable Software and Affected Versions** GCC Productions Inc. Fade In version 4.2.0 **Description** An out-of-bounds write issue exists in the XML parser functionality. A specially crafted `.fadein` file can trigger this issue, potentially allowing an attacker to provide a malicious file and cause an out-of-bounds write. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GCC Productions Inc. Fade In version 4.2.0 **Description** A use-after-free issue exists in the XML parser functionality. Providing a specially crafted .xml file can lead to heap-based memory corruption. An attacker can trigger this by supplying a malicious file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows (affected versions not specified) Description: The issue is related to an out-of-bounds read in the user mode layer of the NVIDIA GPU Display Driver for Windows. This could allow an unprivileged user to cause the system to read data outside the intended buffer boundaries. A successful exploitation might result in code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows (affected versions not specified) Description: The issue is related to an out-of-bounds read in the user mode layer of the NVIDIA GPU Display Driver for Windows. This can be exploited by an unprivileged regular user. A successful exploit might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU Display Driver for Windows (affected versions not specified) **Description** The issue is related to an out-of-bounds read in the user mode layer of the NVIDIA GPU Display Driver for Windows. This could allow an unprivileged user to cause the system to read memory outside the intended boundaries, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU Display Driver for Windows (affected versions not specified) **Description** The issue is related to an out-of-bounds read in the user mode layer of the NVIDIA GPU Display Driver for Windows. This could allow an unprivileged user to cause the system to read memory outside the intended boundaries. A successful exploitation might result in code execution, denial of service, escalation of privileges, information disclosure, and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU Display Driver for Windows (affected versions not specified) **Description** The issue is related to an out-of-bounds read in the user mode layer of the NVIDIA GPU Display Driver for Windows. This could allow an unprivileged user to cause the system to read memory outside the intended boundaries, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows (affected versions not specified) Description: The issue is related to an out-of-bounds read in the user mode layer of the NVIDIA GPU Display Driver for Windows. This could allow an unprivileged regular user to cause the vulnerability, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AMD Radeon user mode driver for DirectX 11 (affected versions not specified) Description: The issue is related to an out of bounds write vulnerability in the AMD Radeon user mode driver for DirectX 11, which could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: AMD Radeon user mode driver for DirectX 11 (affected versions not specified) Description: An out of bounds write vulnerability in the AMD Radeon user mode driver for DirectX 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution. The vulnerability is related to a buffer overflow in memory, which can be exploited by an attacker to execute arbitrary code. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU Display Driver for Windows (affected versions not specified) **Description** The issue is related to an out-of-bounds write in the user mode layer of the NVIDIA GPU Display Driver for Windows, which can be caused by an unprivileged regular user. A successful exploit of this issue may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 114.0.5735.198 **Description** The issue is related to a use after free vulnerability in the Media component of Google Chrome, which can lead to heap corruption. This can potentially allow a remote attacker to execute arbitrary code via a crafted HTML page. **Recommendations** For versions prior to 114.0.5735.198, update to version 114.0.5735.198 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially malicious HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** PowerISO version 8.3 **Description** A memory corruption issue exists in the VHD File Format parsing CXSPARSE record functionality. This can be triggered by a specially-crafted file, leading to an out-of-bounds write. A victim needs to open a malicious file to activate this issue. The problem arises because the 'number of blocks' value from the CXSPARSE record is not properly checked, allowing an attacker to control the loop counter and leading to arbitrary memory writing. **Recommendations** For PowerISO version 8.3, ensure you are using the version with the latest bug fixes, as the developer has fixed the issue in a subsequent update, although no specific version number for the fix was assigned.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU Display Driver for Windows (affected versions not specified) **Description** The issue is related to an out-of-bounds write in the user-mode layer of the driver, which can be triggered by an unprivileged user. This may result in code execution, information disclosure, and denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 100.0.4896.88 **Description** The issue is related to a use after free in WebGPU, which can potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. This could enable the attacker to bypass existing security restrictions. **Recommendations** For Google Chrome versions prior to 100.0.4896.88, update to version 100.0.4896.88 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU Display Driver for Windows (affected versions not specified) **Description** The issue is related to the DirectX11 user mode driver, where an unauthorized attacker on the network can cause an out-of-bounds write through a specially crafted shader. This may lead to code execution, resulting in denial of service, escalation of privileges, information disclosure, and data tampering. The impact may extend to other components. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NVIDIA GPU Display Driver for Windows and Linux (affected versions not specified) **Description** The NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader. This may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Disc Soft Ltd Deamon Tools Pro version 8.3.0.0767 **Description** A memory corruption issue exists in the ISO Parsing functionality. This can be triggered by a specially crafted malformed file, leading to an out-of-bounds write. An attacker can exploit this by providing a malicious file. **Recommendations** For version 8.3.0.0767, consider avoiding the use of the ISO Parsing functionality until a fix is available. As a temporary workaround, restrict the handling of malformed files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** PowerISO version 7.9 **Description** A memory corruption issue exists in the DMG File Format Handler functionality. This can be triggered by a specially crafted DMG file, leading to an out-of-bounds write. An attacker can exploit this by providing a malicious file. **Recommendations** For PowerISO version 7.9, update to the latest bug-release version to resolve the issue. As a temporary workaround, consider avoiding the use of the DMG File Format Handler functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 111.0.5563.110 **Description** The issue is related to a use after free in the ANGLE library of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to a denial of service or the execution of arbitrary code. **Recommendations** For versions prior to 111.0.5563.110, update to version 111.0.5563.110 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted HTML pages until the update is applied.