Sean Amoss

#21591 of 53,633
11.1 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2012-2249
6.8
2012-11-02
Libfpx · Libfpx · CVE-2012-0025
**Name of the Vulnerable Software and Affected Versions**
libfpx versions prior to 1.3.1-1

**Description**
A double free issue in the `Free_All_Memory` function in `jpeg/dectile.c` allows remote attackers to cause a denial of service, resulting in a crash, via a crafted FPX image.

**Recommendations**
For versions prior to 1.3.1-1, update to version 1.3.1-1 or later to resolve the issue.

PT-2012-5534
4.3
2012-08-25
Squidclamav · Squidclamav · CVE-2012-4667
**Name of the Vulnerable Software and Affected Versions**
SquidClamav versions prior to 5.8

**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to various CGI scripts. The vulnerable parameters include `url`, `virus`, `source`, and `user`. The affected scripts are located in the `cgi-bin/` directory and include different language versions of `clwarn.cgi`.

**Recommendations**
For SquidClamav versions prior to 5.8, update to version 5.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the `clwarn.cgi` scripts and their language variants in the `cgi-bin/` directory until the update is applied. Avoid using the vulnerable parameters `url`, `virus`, `source`, and `user` in the affected API endpoints until the issue is resolved.