Rootsec

Name of the Vulnerable Software and Affected Versions: JasPer versions up to 4.2.5 Description: A use-after-free vulnerability exists in JasPer up to version 4.2.5. The issue affects the `jpc dec dump` function within the JPEG2000 File Handler component, located in the file `src/libjasper/jpc/jpc dec.c`. Exploitation requires local access. The exploit for this issue has been publicly disclosed. Recommendations: Apply the patch named 8308060d3fbc1da10353ac8a95c8ea60eba9c25a to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.6.0 **Description** A problematic issue exists in libtiff due to a null pointer dereference in the `PS Lvl2page` function within the `tiff2ps` component (file `tools/tiff2ps.c`). The issue occurs when the DEFER STRILE LOAD option is enabled or the TIFFOpen function is used with the "rD" option. Exploitation is considered difficult, but the exploit has been publicly disclosed. **Recommendations** Apply the patch 6ba36f159fd396ad11bf6b7874554197736ecc8b to resolve this issue.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.9.9 **Description** A problematic vulnerability was found in the function `cons stack load` in the library `/libr/cons/cons.c` of the component `radiff2`. The manipulation of the argument `-T` leads to memory corruption. An attack must be approached locally and has a rather high complexity, making exploitation difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted. The parameter `-T` is experimental and "crashy". Further analysis has shown that "the race is not a real problem unless you use asan". A new warning has been added. **Recommendations** To fix this issue, it is recommended to apply the patch named `5705d99cc1f23f36f9a84aab26d1724010b97798`. As a temporary workaround, consider avoiding the use of the experimental parameter `-T` until the issue is resolved. Additionally, restrict access to the vulnerable function `cons stack load` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.9.9 **Description** A vulnerability has been found in the function `r cons flush` in the library `/libr/cons/cons.c` of the component `radiff2`. The manipulation of the argument `-T` leads to use after free. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The documentation explains that the parameter `-T` is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added. **Recommendations** To fix this issue, it is recommended to apply a patch with the name `5705d99cc1f23f36f9a84aab26d1724010b97798`. As a temporary workaround, consider disabling the use of the experimental parameter `-T` until a patch is available. Restrict access to the vulnerable function `r cons flush` in the `radiff2` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.9.9 **Description** A problematic vulnerability was found in Radare2, affecting the function `r cons pal init` in the library `/libr/cons/pal.c` of the component `radiff2`. The manipulation of the argument `-T` leads to memory corruption. Attacking locally is a requirement, and the complexity of an attack is rather high. The exploitability is told to be difficult. The real existence of this vulnerability is still doubted at the moment. The documentation explains that the parameter `-T` is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use `asan`". A new warning has been added. **Recommendations** Apply a patch to fix this issue, specifically the patch with the identifier `5705d99cc1f23f36f9a84aab26d1724010b97798`. As a temporary workaround, consider avoiding the use of the experimental parameter `-T` until the issue is resolved. Restrict access to the vulnerable function `r cons pal init` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.9.9 **Description** A vulnerability was found in Radare2, affecting the function `r cons is breaked` in the library `/libr/cons/cons.c` of the component radiff2. The manipulation of the argument `-T` leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high, and the exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The documentation explains that the parameter `-T` is experimental and "crashy". Further analysis has shown that "the race is not a real problem unless you use asan". An additional warning regarding threading support has been added. **Recommendations** To fix this issue, it is recommended to apply a patch with the identifier 5705d99cc1f23f36f9a84aab26d1724010b97798. As a temporary workaround, consider disabling the use of the experimental parameter `-T` until a patch is available. Restrict access to the vulnerable function `r cons is breaked` to minimize the risk of exploitation. Avoid using the parameter `-T` in the affected component radiff2 until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.9.9 **Description** A vulnerability was found in Radare2 and classified as problematic. This issue affects the function `r cons context break pop` in the library `/libr/cons/cons.c` of the component `radiff2`. The manipulation of the argument `-T` leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. The real existence of this vulnerability is still doubted at the moment. The documentation explains that the parameter `-T` is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added. **Recommendations** To fix this issue, it is recommended to apply a patch named `5705d99cc1f23f36f9a84aab26d1724010b97798`. As a temporary workaround, consider avoiding the use of the experimental parameter `-T` until the issue is resolved. Additionally, users can restrict the use of the `radiff2` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.9.9 **Description** A problem was found in the function `r cons pal init` in the library `/libr/cons/pal.c` of the component radiff2. The manipulation of the argument `-T` leads to memory corruption. An attack must be approached locally and has a rather high complexity. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this issue is still doubted at the moment. The documentation explains that the parameter `-T` is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added. **Recommendations** To fix this issue, it is recommended to apply a patch. The name of the patch is 5705d99cc1f23f36f9a84aab26d1724010b97798. As a temporary workaround, consider avoiding the use of the experimental parameter `-T` until the issue is resolved. Restrict access to the vulnerable function `r cons pal init` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.9.9 **Description** A problem has been found in the function `r cons rainbow free` in the library `/libr/cons/pal.c` of the component `radiff2`. The manipulation of the argument `-T` leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The documentation explains that the parameter `-T` is experimental and "crashy". Further analysis has shown "the race is not a real problem unless you use asan". A new warning has been added. **Recommendations** To fix this issue, apply a patch identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. As a temporary workaround, consider avoiding the use of the experimental parameter `-T` until the issue is resolved. Restrict access to the vulnerable function `r cons rainbow free` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Radare2 version 5.9.9 **Description** A problematic vulnerability has been found in Radare2, affecting the function `r cons pal init` in the library `/libr/cons/pal.c` of the component `radiff2`. The manipulation leads to memory corruption. The attack needs to be approached locally and has a rather high complexity. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The documentation explains that the parameter `-T` is experimental and "crashy". Further analysis has shown that the issue is not a real problem unless `asan` is used. A new warning has been added. **Recommendations** To fix this issue, it is recommended to apply a patch, identified as `5705d99cc1f23f36f9a84aab26d1724010b97798`. As a temporary workaround, consider disabling the `r cons pal init` function until a patch is available. Additionally, avoid using the experimental parameter `-T` unless necessary, and be cautious when using `asan` to minimize the risk of exploitation.