Samuel Groß

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 110 Thunderbird versions prior to 102.8 Firefox ESR versions prior to 102.8 **Description** The issue is related to cross-compartment wrappers wrapping a scripted proxy, which could cause objects from other compartments to be stored in the main compartment, resulting in a use-after-free after unwrapping the proxy. This can be exploited by a remote attacker to store objects from other compartments in the main compartment. **Recommendations** For Firefox versions prior to 110, update to version 110 or later. For Thunderbird versions prior to 102.8, update to version 102.8 or later. For Firefox ESR versions prior to 102.8, update to version 102.8 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 16.2 tvOS versions prior to 16.2 macOS Ventura versions prior to 13.1 iOS versions prior to 16.2 iPadOS versions prior to 16.2 watchOS versions prior to 9.2 **Description** A memory corruption issue was addressed with improved input validation. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For Safari versions prior to 16.2, update to Safari 16.2 or later. For tvOS versions prior to 16.2, update to tvOS 16.2 or later. For macOS Ventura versions prior to 13.1, update to macOS Ventura 13.1 or later. For iOS versions prior to 16.2, update to iOS 16.2 or later. For iPadOS versions prior to 16.2, update to iPadOS 16.2 or later. For watchOS versions prior to 9.2, update to watchOS 9.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 107 Firefox ESR versions prior to 102.5 Thunderbird versions prior to 102.5 **Description** The issue is related to the use of memory after it has been freed when processing JavaScript code, potentially leading to a crash that could be exploited by a remote attacker. This could occur if an out-of-memory condition happens when creating a JavaScript global, causing a JavaScript realm to be deleted while references to it still exist in a BaseShape, resulting in a use-after-free situation. **Recommendations** For Firefox versions prior to 107, update to version 107 or later to resolve the issue. For Firefox ESR versions prior to 102.5, update to version 102.5 or later to resolve the issue. For Thunderbird versions prior to 102.5, update to version 102.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 106 Firefox ESR versions prior to 102.4 Thunderbird versions prior to 102.4 **Description** The issue is related to the Garbage Collector component of the JS Engine in Mozilla browsers, which incorrectly releases memory segments. This can be exploited by a remote attacker using a specially crafted malicious website, potentially allowing the execution of arbitrary code or causing a denial of service. The vulnerability is associated with missing annotations in certain types of allocations, which could lead to memory corruption and a potentially exploitable crash if the Garbage Collector is in a specific state. **Recommendations** For Firefox versions prior to 106, update to version 106 or later to resolve the issue. For Firefox ESR versions prior to 102.4, update to version 102.4 or later to resolve the issue. For Thunderbird versions prior to 102.4, update to version 102.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 16.2 tvOS versions prior to 16.2 macOS Ventura versions prior to 13.1 iOS versions prior to 16.2 iPadOS versions prior to 16.2 watchOS versions prior to 9.2 WebKitGTK (affected versions not specified) WPE WebKit (affected versions not specified) **Description** The issue is related to a memory corruption problem that can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. This allows a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Safari versions prior to 16.2, update to Safari 16.2 or later. For tvOS versions prior to 16.2, update to tvOS 16.2 or later. For macOS Ventura versions prior to 13.1, update to macOS Ventura 13.1 or later. For iOS versions prior to 16.2, update to iOS 16.2 or later. For iPadOS versions prior to 16.2, update to iPadOS 16.2 or later. For watchOS versions prior to 9.2, update to watchOS 9.2 or later. For WebKitGTK and WPE WebKit, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 16.2 tvOS versions prior to 16.2 macOS Ventura versions prior to 13.1 iOS versions prior to 15.7.2 and prior to 16.2 iPadOS versions prior to 15.7.2 and prior to 16.2 watchOS versions prior to 9.2 **Description** A memory corruption issue was addressed with improved input validation. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to a buffer overflow vulnerability in the WebKitGTK and WPE WebKit modules, which can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For Safari versions prior to 16.2, update to Safari 16.2 or later. For tvOS versions prior to 16.2, update to tvOS 16.2 or later. For macOS Ventura versions prior to 13.1, update to macOS Ventura 13.1 or later. For iOS versions prior to 15.7.2, update to iOS 15.7.2 or later. For iOS versions prior to 16.2, update to iOS 16.2 or later. For iPadOS versions prior to 15.7.2, update to iPadOS 15.7.2 or later. For iPadOS versions prior to 16.2, update to iPadOS 16.2 or later. For watchOS versions prior to 9.2, update to watchOS 9.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.2 Apple macOS versions prior to 10.13.2 Apple tvOS versions prior to 11.2 Apple watchOS versions prior to 4.2 **Description** A race condition was addressed with additional validation. This issue allows an application to potentially gain elevated privileges. **Recommendations** For Apple iOS versions prior to 11.2, update to iOS 11.2 or later. For Apple macOS versions prior to 10.13.2, apply Security Update 2017-002 Sierra or later, or update to macOS High Sierra 10.13.2 or later. For Apple tvOS versions prior to 11.2, update to tvOS 11.2 or later. For Apple watchOS versions prior to 4.2, update to watchOS 4.2 or later. For macOS El Capitan, apply Security Update 2017-005 El Capitan or later.

**Name of the Vulnerable Software and Affected Versions** Chromium versions prior to 97.0.4692.71-0.1~deb11u1 qtwebengine5 version 5.15.8 ungoogled-chromium version 113.0.5672.92-1.1 chromedriver version 95.0.4638.69-1.1 nodejs-electron version 13.6.2-1.1 Chromium-gost versions 96.0.4664.45-alt2.c9.1 and 96.0.4664.45-alt2.p9.1 and 96.0.4664.45-alt2.p10.1 Chromium versions prior to 95.0.4638.69 MosOS (affected versions not specified) OpenSUSE (affected versions not specified) **Description** Multiple security issues were discovered in Chromium, potentially leading to arbitrary code execution, denial of service, or information disclosure. A heap corruption issue in the V8 JavaScript and WebAssembly engine, present in versions prior to 95.0.4638.69, could be exploited through a crafted HTML page. In some instances, malicious mods were distributed for the game Dota 2 via the Steam store, containing backdoors and exploiting the Chrome vulnerability CVE-2021-38003. These mods included `Overdog no annoying heroes`, `Custom Hero Brawl`, and `Overthrow RTZ Edition X10 XP`. The malicious code within these mods could be used for logging, executing system commands, creating coroutines, and sending HTTP GET requests. Security support for Chromium has been discontinued for the 'buster' distribution due to toolchain limitations. The `evil.lua` file was used to test server-side Lua execution capabilities. **Recommendations** Upgrade Chromium to version 97.0.4692.71-0.1~deb11u1. Upgrade qtwebengine5 to version 5.15.8. Upgrade ungoogled-chromium to version 113.0.5672.92-1.1. Upgrade chromedriver to version 95.0.4638.69-1.1. Upgrade nodejs-electron to version 13.6.2-1.1. Upgrade chromium-gost to versions 96.0.4664.45-alt2.p10.1. Upgrade Chromium to a version later than 95.0.4638.69. At the moment, there is no information about a newer version that contains a fix for this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 95.0.4638.54 **Description** The issue is caused by a race condition in the V8 JavaScript engine, which can lead to heap corruption. A remote attacker can potentially exploit this via a crafted HTML page, allowing them to bypass existing security restrictions. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 95.0.4638.54, update to version 95.0.4638.54 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable `V8` engine features until a patch is available. Avoid using crafted HTML pages that could trigger the heap corruption exploit.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.8 iPadOS versions prior to 14.8 Safari versions prior to 15 iOS versions prior to 15 iPadOS versions prior to 15 **Description** A memory corruption issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to code execution. **Recommendations** For iOS versions prior to 14.8, update to iOS 14.8 or later. For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For Safari versions prior to 15, update to Safari 15 or later. For iOS versions prior to 15, update to iOS 15 or later. For iPadOS versions prior to 15, update to iPadOS 15 or later.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 6.1.2 iOS versions prior to 13.3.1 iPadOS versions prior to 13.3.1 tvOS versions prior to 13.3.1 macOS Catalina versions prior to 10.15.3 macOS Mojave versions prior to Security Update 2020-001 macOS High Sierra versions prior to Security Update 2020-001 **Description** An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted image may lead to arbitrary code execution. **Recommendations** For watchOS versions prior to 6.1.2, update to watchOS 6.1.2. For iOS versions prior to 13.3.1, update to iOS 13.3.1. For iPadOS versions prior to 13.3.1, update to iPadOS 13.3.1. For tvOS versions prior to 13.3.1, update to tvOS 13.3.1. For macOS Catalina versions prior to 10.15.3, update to macOS Catalina 10.15.3. For macOS Mojave versions prior to Security Update 2020-001, apply Security Update 2020-001. For macOS High Sierra versions prior to Security Update 2020-001, apply Security Update 2020-001.

**Name of the Vulnerable Software and Affected Versions** Apple iCloud versions prior to 7.19 and prior to 11.2 Apple iTunes versions prior to 12.10.7 Apple Safari versions prior to 13.1.1 Apple iPadOS versions prior to 13.5 Apple iPhoneOS versions prior to 13.5 Apple tvOS versions prior to 13.4.8 Apple watchOS versions prior to 6.2.8 **Description** The issue is related to authentication errors in the operating systems and services of Apple devices. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication, potentially allowing a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Apple iCloud versions prior to 7.19 and prior to 11.2, update to version 7.19 or 11.2 or later. For Apple iTunes versions prior to 12.10.7, update to version 12.10.8 or later. For Apple Safari versions prior to 13.1.1, update to version 13.1.2 or later. For Apple iPadOS versions prior to 13.5, update to version 13.6 or later. For Apple iPhoneOS versions prior to 13.5, update to version 13.6 or later. For Apple tvOS versions prior to 13.4.8, update to version 13.4.8 or later. For Apple watchOS versions prior to 6.2.8, update to version 6.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 13.6 Apple iPadOS versions prior to 13.6 Apple macOS Catalina versions prior to 10.15.6 Apple tvOS versions prior to 13.4.8 **Description** A logic issue was addressed with improved validation, allowing an attacker with memory write capability to potentially bypass pointer authentication codes and run arbitrary code. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For tvOS versions prior to 13.4.8, update to tvOS 13.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to 10.15.3 Apple tvOS versions prior to 13.3.1 Apple watchOS versions prior to 6.1.2 Apple Safari versions prior to 13.1.1 Apple iTunes versions prior to 12.10.7 for Windows Apple iCloud for Windows versions prior to 11.2 Apple iCloud for Windows versions prior to 7.19 WebKitGTK versions prior to 2.28.3 WPE WebKit versions prior to 2.28.3 openSUSE libjavascriptcoregtk-4 0-18-2.32.4-1.1 **Description** A logic flaw exists within the WebKit engine, potentially allowing a remote attacker to execute arbitrary code by processing maliciously crafted web content. This issue affects multiple Apple products, including macOS, tvOS, watchOS, Safari, iTunes, and iCloud for Windows. The vulnerability is related to improper restrictions and can be exploited through specially designed web pages. The issue has been actively exploited. The vulnerability affects WebKitGTK and WPE WebKit, potentially leading to cross-site scripting, denial of service, and arbitrary code execution. **Recommendations** Update Apple macOS to version 10.15.3 or later. Update Apple tvOS to version 13.3.1 or later. Update Apple watchOS to version 6.1.2 or later. Update Apple Safari to version 13.1.1 or later. Update Apple iTunes to version 12.10.7 or later for Windows. Update Apple iCloud for Windows to version 11.2 or later. Update Apple iCloud for Windows to version 7.19 or later. Update WebKitGTK to version 2.28.3 or later. Update WPE WebKit to version 2.28.3 or later. Update the libjavascriptcoregtk-4 0-18-2.32.4-1.1 package on openSUSE. Run `sudo pro fix USN-4422-1` to address the vulnerability in Ubuntu systems.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 2.4.1 **Description** The issue is related to an out-of-bounds read during RLE uncompression in the `rleUncompress` function in `ImfRle.cpp`. This can potentially allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `rleUncompress` function in `ImfRle.cpp` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 2.4.1 **Description** An issue in OpenEXR is related to an out-of-bounds read in ImfOptimizedPixelReading.h. This can potentially allow a remote attacker to cause a denial of service by exploiting the vulnerability. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `ImfOptimizedPixelReading.h` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 2.4.1 **Description** An issue in OpenEXR is related to an out-of-bounds write in the `copyIntoFrameBuffer` function in `ImfMisc.cpp`. This can potentially allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `copyIntoFrameBuffer` function in `ImfMisc.cpp` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 2.4.1 **Description** The issue is related to integer overflows in `CompositeDeepScanLine::Data::handleDeepFrameBuffer` and `readSampleCountForLineBlock` functions, allowing an attacker to write to an out-of-bounds pointer. This can lead to a denial of service. The vulnerability can be exploited by a remote attacker. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `CompositeDeepScanLine::Data::handleDeepFrameBuffer` and `readSampleCountForLineBlock` functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 2.4.1 **Description** The issue is related to an out-of-bounds read during Huffman uncompression. This can be demonstrated by the `FastHufDecoder::refill` function in `ImfFastHuf.cpp`. The exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `FastHufDecoder::refill` function in `ImfFastHuf.cpp` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** OpenEXR versions prior to 2.4.1 **Description** The issue is related to an out-of-bounds read and write in the `DwaCompressor::uncompress` function in `ImfDwaCompressor.cpp` when handling the UNKNOWN compression case. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `DwaCompressor::uncompress` function in `ImfDwaCompressor.cpp` until a patch is available.