Qixue Xiao

#21380 of 53,633
11.5 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2015-2752
5.0
2015-10-26
Libpng Development Team · Libpng · CVE-2015-7981
**Name of the Vulnerable Software and Affected Versions**

- libpng versions 1.0.x through 1.0.63
- libpng versions 1.2.x through 1.2.53
- libpng versions 1.4.x through 1.4.16

**Description**

The issue allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read. This is related to the `png_convert_to_rfc1123` function in `png.c`. The vulnerability is also associated with a lack of protection for service data, which can be exploited by a remote attacker using a specially crafted image to access protected information.

Additionally, there is a buffer overflow issue caused by a read underflow in `png_check_keyword` in `pngwutil.c`, which can be exploited by sending an overly long argument, potentially allowing a remote attacker to execute arbitrary code on the system or cause the application to crash.

**Recommendations**

- For libpng versions 1.0.x through 1.0.63, update to version 1.0.64 or later.
- For libpng versions 1.2.x through 1.2.53, update to version 1.2.54 or later.
- For libpng versions 1.4.x through 1.4.16, update to version 1.4.17 or later.

As a temporary workaround, consider restricting the use of the `png_convert_to_rfc1123` function and the `png_check_keyword` function in `pngwutil.c` until a patch is available. Avoid using overly long arguments in the `png_check_keyword` function to minimize the risk of exploitation.