Sebasteuo

**Name of the Vulnerable Software and Affected Versions** eml parser version 3.0.0 **Description** A recursion denial of service exists in the `get raw body text()` function within `eml parser/parser.py`. The function recurses unconditionally for every nested `message/rfc822` attachment without a depth limit. An attacker can provide a specially crafted EML file with approximately 120 nested `message/rfc822` parts to trigger an unhandled `RecursionError`, which aborts the parsing process and can crash a worker process. This issue is exploitable in deployments that ingest emails from external senders without basic validation. **Recommendations** Update eml parser to a version where recursion depth checks have been implemented for the `get raw body text()` function.

**Name of the Vulnerable Software and Affected Versions** Eclipse Open9J versions 0.21 through 0.58 **Description** A pre-authentication remote attacker can cause the JITServer to crash by sending a specifically crafted 32-byte TCP message. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions openFPGALoader versions 1.1.1 and earlier Description openFPGALoader is a utility for programming FPGAs. A heap-buffer-overflow read vulnerability exists in the `BitParser::parseHeader()` function when parsing a crafted .bit file, allowing out-of-bounds heap memory access. No FPGA hardware is required to trigger this issue. Recommendations Update to a version later than 1.1.1.

Name of the Vulnerable Software and Affected Versions openFPGALoader versions 1.1.1 and earlier Description A heap-buffer-overflow read issue exists in the `POFParser::parseSection()` function when processing a specially crafted .pof file. This allows out-of-bounds heap memory access. No FPGA hardware is needed to trigger this issue. Recommendations Update to a version later than 1.1.1.

Name of the Vulnerable Software and Affected Versions SDL image (affected versions not specified) Description The SDL image library has an issue where pixel index values from decoded XCF tile data are used directly as colormap indices without validation against the colormap size. A crafted .xcf file with a small colormap and out-of-range pixel indices can cause heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, potentially making them observable in the rendered image. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. A malicious Remote Desktop Protocol (RDP) server can cause a FreeRDP client to crash by sending audio data in IMA ADPCM format with an invalid initial step index value (greater than or equal to 89). The unvalidated step index is read directly from the network and used to index into a lookup table, triggering a failure and process termination. This affects any FreeRDP client with audio redirection (RDPSND) enabled, which is the default configuration. **Recommendations** Update to FreeRDP version 3.24.2 or later.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. An unvalidated `auth length` field read from the network triggers a WINPR ASSERT() failure in the `rts read auth verifier no checks()` function, causing FreeRDP clients connecting through a malicious RDP Gateway to crash. This is a pre-authentication denial of service affecting clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds. **Recommendations** Update to version 3.24.2 or later.