Probefuzzer

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is related to a use-after-free in the decompileArithmeticOp function of decompile.c. This could allow remote attackers to cause a denial-of-service via a crafted swf file. **Recommendations** For libming version 0.4.8, consider avoiding the use of the decompileArithmeticOp function until a patch is available. As a temporary workaround, restrict the processing of swf files from untrusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** elfutils version 0.170 **Description** The issue is related to a buffer over-read in the `ebl dynamic tag name` function, located in the `libebl/ebldynamictagname.c` file. This occurs because `SYMTAB SHNDX` is unsupported. **Recommendations** For elfutils version 0.170, at the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.68 Description: The issue is related to an uncontrolled memory allocation in the ` zzip parse root directory` function, which can cause a crash. This can be exploited by remote attackers to cause a denial of service using a crafted zip file. Recommendations: For ZZIPlib version 0.13.68, consider avoiding the use of the ` zzip parse root directory` function until a patch is available. As a temporary workaround, restrict the handling of zip files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZZIPlib version 0.13.67 **Description** The issue is caused by a bus error when handling a disk64 trailer seek value due to the loading of a misaligned address in the `zzip disk findfirst` function of `zzip/mmapped.c`. **Recommendations** For ZZIPlib version 0.13.67, consider avoiding the use of the `zzip disk findfirst` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.67 Description: The issue is related to insufficient input validation in the zzip fetch disk trailer function of the ZZIPlib archiving library. This can be exploited by remote attackers to cause a denial of service using a specially crafted zip file. The problem arises when handling disk64 trailer local entries, leading to a bus error due to the loading of a misaligned address. Recommendations: For ZZIPlib version 0.13.67, consider avoiding the use of the zzip fetch disk trailer function until a patch is available, or refrain from handling untrusted zip files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.67 Description: The issue is related to insufficient input validation in the ` zzip fetch disk trailer` function of the ZZIPlib archiving library. This can be exploited by a remote attacker using a specially crafted zip file, potentially leading to a denial of service. The vulnerability is caused by a memory alignment error and bus error in the ` zzip fetch disk trailer` function. Recommendations: For ZZIPlib version 0.13.67, consider disabling the ` zzip fetch disk trailer` function as a temporary workaround until a patch is available. Restrict access to zip files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: ZZIPlib version 0.13.67 Description: The issue is related to the zzip disk findfirst function in the zzip/mmapped.c file, which can cause a bus error due to the loading of a misaligned address. This can be exploited by remote attackers to cause a denial of service using a crafted zip file. The vulnerability is also associated with an incorrect buffer size calculation in the zzip disk findfirst function of the ZZIPlib archiving library. Recommendations: For ZZIPlib version 0.13.67, consider avoiding the use of the `zzip disk findfirst` function until a patch is available. As a temporary workaround, restrict the handling of zip files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ZZIPlib versions 0.13.56 through 0.13.67 **Description** The issue is related to invalid memory access in the `zzip disk fread` function, causing a segmentation fault. This occurs because the size variable is not validated against the amount of file->stored data. Additionally, there is a buffer overflow vulnerability in the `zzip mem entry new` function, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For ZZIPlib versions 0.13.56 through 0.13.67, consider disabling the `zzip disk fread` function and the `zzip mem entry new` function until a patch is available. Restrict access to the `zzip/mmapped.c` and `zzip/memdisk.c` files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Long Range Zip (aka lrzip) version 0.631 Description: The issue is related to an infinite loop and application hang in the `get fileinfo` function. Remote attackers could leverage this to cause a denial of service via a crafted lrz file. Recommendations: For Long Range Zip (aka lrzip) version 0.631, consider disabling the `get fileinfo` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.3.0 **Description** The issue is related to an integer overflow caused by an out-of-bounds left shift in the `opj j2k setup encoder` function. This can be exploited by remote attackers to cause a denial of service via a crafted bmp file. **Recommendations** For OpenJPEG version 2.3.0, consider disabling the `opj j2k setup encoder` function as a temporary workaround until a patch is available. Restrict access to handling crafted bmp files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Exiv2 version 0.26 Description: The issue is caused by uncontrolled recursion in the Exiv2::Image::printIFDStructure function, located in the image.cpp file. This can be exploited by remote attackers to cause a denial of service using a crafted tif file. Recommendations: For Exiv2 version 0.26, consider disabling the Exiv2::Image::printIFDStructure function until a patch is available to prevent potential denial of service attacks via crafted tif files.

Name of the Vulnerable Software and Affected Versions: Long Range Zip (aka lrzip) version 0.631 Description: The issue is related to a use-after-free in the `ucompthread` function, located in `stream.c`. This could allow remote attackers to cause a denial of service by providing a crafted lrz file. Recommendations: For Long Range Zip (aka lrzip) version 0.631, consider disabling the `ucompthread` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: MuPDF version 1.12.0 Description: The issue is related to an infinite loop vulnerability and application hang in the `pdf parse array` function, located in `pdf/pdf-parse.c`, due to the failure to consider the End Of File (EOF). This allows remote attackers to cause a denial of service by providing a crafted pdf file. Recommendations: For MuPDF version 1.12.0, consider disabling the `pdf parse array` function as a temporary workaround until a patch is available. Restrict access to crafted pdf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenJPEG version 2.3.0 **Description** The issue is related to an integer overflow in the `opj t1 encode cblks` function, located in `openjp2/t1.c`. This can be exploited by remote attackers to cause a denial of service using a crafted bmp file. **Recommendations** For OpenJPEG version 2.3.0, consider applying a patch or fix that addresses the integer overflow in the `opj t1 encode cblks` function to prevent denial of service attacks. As a temporary workaround, consider restricting the processing of crafted bmp files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Long Range Zip (aka lrzip) version 0.631 **Description** The issue is related to an infinite loop and application hang in the `unzip match` function in `runzip.c`. This can be exploited by remote attackers to cause a denial of service via a crafted lrz file. **Recommendations** For Long Range Zip (aka lrzip) version 0.631, consider disabling the `unzip match` function in `runzip.c` as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PoDoFo version 0.9.5 **Description** The issue arises from improper validation of memcpy arguments in the PdfMemoryOutputStream::Write function. This could allow remote attackers to cause a denial-of-service or possibly other unspecified impacts by using a crafted pdf file. **Recommendations** For PoDoFo version 0.9.5, update to a newer version that addresses this issue, as the current version does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libming version 0.4.8 **Description** The issue is caused by an integer overflow due to an out-of-range left shift in the `readUInt32` function, located in `util/read.c`. This can be exploited by remote attackers to cause a denial-of-service using a crafted swf file. **Recommendations** For libming version 0.4.8, consider applying a patch or fix that addresses the integer overflow in the `readUInt32` function to prevent denial-of-service attacks.

**Name of the Vulnerable Software and Affected Versions** PoDoFo version 0.9.5 **Description** The issue is related to an integer overflow in the `PdfXRefStreamParserObject::ParseStream` function. This could allow remote attackers to cause a denial-of-service by providing a crafted pdf file. **Recommendations** For PoDoFo version 0.9.5, consider applying a patch or fix that addresses the integer overflow in the `PdfXRefStreamParserObject::ParseStream` function to prevent denial-of-service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.