Raphael Hertzog

**Name of the Vulnerable Software and Affected Versions** FreeImage versions 3.17.0 and earlier **Description** The issue is related to multiple integer underflows in PluginPCX.cpp, which can be exploited by remote attackers to cause a denial of service, resulting in heap memory corruption. This can be achieved via vectors related to the height and width of a window. **Recommendations** For FreeImage versions 3.17.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dpkg versions prior to 1.14.31 dpkg version 1.15.x **Description** A directory traversal issue exists, allowing user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package. **Recommendations** For dpkg versions prior to 1.14.31, update to version 1.14.31 or later. For dpkg version 1.15.x, consider disabling the use of source-format 3.0 packages until a patch is available.