R4Xis

Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.5 Description: The issue is related to an infinite loop in the `PdfParserObject::ParseFileComplete()` function, located in `PdfParserObject.cpp`, which may lead to a stack overflow. This could allow remote attackers to cause a denial-of-service or potentially other unspecified impacts by using a crafted pdf file. Recommendations: For PoDoFo version 0.9.5, consider avoiding the use of the `PdfParserObject::ParseFileComplete()` function until a patch is available. As a temporary workaround, restrict the processing of crafted pdf files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WavPack version 5.1.0 **Description** The issue allows a remote attacker to cause a denial-of-service, or possibly trigger a buffer overflow or incorrect memory allocation, via a maliciously crafted CAF file. This is due to a global buffer over-read in the ParseCaffHeaderConfig function of the cli/caff.c file. **Recommendations** For WavPack version 5.1.0, consider avoiding the use of the ParseCaffHeaderConfig function until a patch is available. As a temporary workaround, restrict the processing of CAF files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.29.1 **Description** The issue is related to an unsigned integer overflow in the `elf object p` function within the `elfcode.h` component of the GNU Binutils library. This overflow can be triggered by a crafted ELF file, allowing remote attackers to cause a denial of service, such as an application crash, or potentially have other unspecified impacts. The vulnerability may also allow attackers to access or modify confidential data. **Recommendations** For GNU Binutils version 2.29.1, consider updating to a newer version that addresses the unsigned integer overflow issue in the `elf object p` function. As a temporary workaround, restrict the use of specially crafted ELF files to minimize the risk of exploitation.