Pwd

**Name of the Vulnerable Software and Affected Versions** DjVuLibre version 3.5.27 **Description** The issue is related to a NULL pointer dereference in the `DJVU::filter fv` function at `IW44EncodeCodec.cpp`. This can lead to errors due to pointer dereference issues. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For DjVuLibre version 3.5.27, consider applying a patch or fix that addresses the NULL pointer dereference in the `DJVU::filter fv` function to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Simple DirectMedia Layer (SDL) version 2.0.9 SDL2 image version 2.0.4 **Description** The issue is related to a heap-based buffer overflow in the `IMG LoadPCX RW` function, located in `IMG pcx.c`, which can lead to a denial of service. This overflow occurs when the `SDL2 image` library is used in conjunction with the `Simple DirectMedia Layer` library. **Recommendations** For Simple DirectMedia Layer (SDL) version 2.0.9, consider updating to a newer version to resolve the issue. For SDL2 image version 2.0.4, consider updating to a newer version to resolve the issue. As a temporary workaround, consider restricting the use of the `IMG LoadPCX RW` function in `IMG pcx.c` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** MediaInfo version 18.12 **Description** The issue is related to an out-of-bounds read in the `File Analyze::Get L8` function of the MediaInfoLib library in MediaArea MediaInfo. This can lead to a crash. The vulnerability is associated with reading data beyond the buffer boundaries, which may allow a remote attacker to cause a denial of service. **Recommendations** For MediaInfo version 18.12, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the `File Analyze::Get L8` function until a patch is available. Restrict access to the MediaInfoLib library to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.6 Description: An issue was discovered in PoDoFo where there is an attempted excessive memory allocation in `PoDoFo::podofo calloc` when called from `PoDoFo::PdfPredictorDecoder::PdfPredictorDecoder`. Recommendations: For PoDoFo version 0.9.6, consider applying a patch or fix to address the excessive memory allocation issue in `PoDoFo::podofo calloc` to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.71.0 **Description** The issue is related to a reachable abort in Object.h, which can lead to a denial of service. This is because the EmbFile::save2 function in FileSpec.cc lacks a stream check before saving an embedded file. The exploitation of this issue allows a remote attacker to cause a denial of service. **Recommendations** For Poppler version 0.71.0, consider disabling the `EmbFile::save2` function in FileSpec.cc until a patch is available to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Poppler version 0.71.0 **Description** The issue is related to a memory leak in the GfxState.cc component of the Poppler library, which is used for displaying PDF files. This memory leak occurs due to a resource not being released after its valid lifetime has expired. Exploitation of this issue allows a remote attacker to cause a denial of service. **Recommendations** For Poppler version 0.71.0, consider applying a patch or updating to a newer version that fixes the memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc to prevent potential denial of service attacks.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.1.0 **Description** An issue was discovered in the DLS::Sampler::Sampler function in DLS.cpp, where there is an operator new[] failure due to a large pSampleLoops heap request. **Recommendations** For libgig version 4.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.1.0 **Description** An issue was discovered in the DLS::File::File function within DLS.cpp, where there is an operator new[] failure due to a large pWavePoolTable heap request. **Recommendations** For libgig version 4.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.1.0 **Description** A heap-based buffer over-read issue was discovered in the DLS::Region::GetSample() function in DLS.cpp. **Recommendations** For libgig version 4.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.1.0 **Description** An issue was discovered that causes an FPE, specifically a divide-by-zero error, in the DLS::Sample::Sample function within DLS.cpp. **Recommendations** For libgig version 4.1.0, consider applying a patch or fix to resolve the divide-by-zero error in the DLS::Sample::Sample function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libgig version 4.1.0 **Description** A heap-based buffer over-read issue was discovered in the RIFF::List::GetListTypeString function in RIFF.cpp. **Recommendations** For libgig version 4.1.0, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** HDF5 version 1.8.20 **Description** An issue was discovered in the HDF5 library, where there is an out of bounds read in the function `H5O pline reset` in `H5Opline.c`. **Recommendations** For version 1.8.20, consider updating to a newer version that contains a fix for this issue, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** sam2p version 0.49.4 **Description** A heap-based buffer overflow exists in the ReadImage function in input-tga.ci, potentially leading to a denial of service or other unspecified impacts. **Recommendations** For sam2p version 0.49.4, update to a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** sam2p version 0.49.4 **Description** A heap-based buffer overflow issue exists in the `bmp compress1 row` function within `appliers.cpp` of sam2p. This can lead to a denial of service or potentially other unspecified impacts. **Recommendations** For sam2p version 0.49.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.