Sergej Schumilo

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. The flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in `process tx desc` if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 5.1.1 **Description** The issue is related to a NULL pointer dereference in the `pci change irq level` function in `hw/pci/pci.c`. This occurs because `pci get bus()` might not return a valid pointer, potentially allowing an attacker to cause a denial of service. **Recommendations** For versions prior to 5.1.1, update to version 5.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `pci change irq level` function in `hw/pci/pci.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** QEMU versions 3.1.x through 4.0.0 **Description** The issue is related to a NULL pointer dereference in the `interface release resource` function in `hw/display/qxl.c`. This could potentially allow a remote attacker to cause a denial of service. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For QEMU versions 3.1.x through 4.0.0, consider disabling the `interface release resource` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gnuplot version 5.2.5 **Description** An issue in datafile.c allows an attacker to conduct a heap-based buffer overflow with an arbitrary amount of data in `df generate ascii array entry()`. This can be exploited by passing an overlong string as the right bound of the range argument to the `plot()` function. **Recommendations** For Gnuplot version 5.2.5, as a temporary workaround, consider restricting the input to the `plot()` function to prevent overlong strings from being passed as the right bound of the range argument. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gnuplot version 5.2.5 **Description** A buffer overflow issue exists due to a missing size check of an argument passed to the `set font` function, specifically in the `cairotrm options` function when the Gnuplot pngcairo terminal is used as a backend. This allows an attacker to conduct a buffer overflow with an arbitrary amount of data. **Recommendations** For Gnuplot version 5.2.5, consider disabling the `cairotrm options` function or restricting the use of the pngcairo terminal as a backend until a patch is available. Avoid using the `set font` function with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gnuplot version 5.2.5 **Description** An issue in Gnuplot allows an attacker to conduct a buffer overflow with an arbitrary amount of data in the `PS options` function. This flaw is caused by a missing size check of an argument passed to the `set font` function. The issue occurs when the Gnuplot postscript terminal is used as a backend. **Recommendations** For Gnuplot version 5.2.5, consider disabling the `PS options` function or restricting the use of the postscript terminal as a backend until a patch is available. Avoid using the `set font` function with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** mruby version 1.4.1 **Description** The issue concerns a signed integer overflow in the CHECK macro within the mrbgems/mruby-sprintf/src/sprintf.c file of mruby. This overflow could potentially lead to out-of-bounds memory access due to the mrb str resize function in string.c not checking for negative lengths. **Recommendations** For mruby version 1.4.1, consider applying a patch or fix that addresses the signed integer overflow in the CHECK macro to prevent potential out-of-bounds memory access. As a temporary workaround, restrict the use of the mrb str resize function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 4.15.0 **Description** The issue is related to the ntfs end buffer async read function in the ntfs.ko filesystem driver, which allows attackers to trigger a stack-based out-of-bounds write. This can cause a denial of service, resulting in a kernel oops or panic, and may have other unspecified impacts. The attack can be initiated via a crafted ntfs filesystem. **Recommendations** For Linux kernel version 4.15.0, consider upgrading to a newer version that includes a fix for this issue. As a temporary workaround, restrict access to the ntfs.ko filesystem driver to minimize the risk of exploitation. Avoid using the ntfs filesystem until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 4.15.0 **Description** A NULL pointer dereference issue was found in the hfs ext read extent function within the hfs.ko module. This issue can be triggered when mounting a specially crafted hfs filesystem. **Recommendations** For Linux kernel version 4.15.0, consider disabling the hfs.ko module to prevent the exploitation of this issue until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 4.15.0 **Description** The issue is related to the ntfs read locked inode function in the ntfs.ko filesystem driver, which allows attackers to trigger a use-after-free read. This could potentially cause a denial of service, resulting in a kernel oops or panic, via a crafted ntfs filesystem. **Recommendations** For Linux kernel version 4.15.0, consider updating to a newer version that contains a fix for this issue, as using a crafted ntfs filesystem could lead to a denial of service.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 4.15.0 **Description** The issue is related to the ntfs attr find function in the ntfs.ko filesystem driver, which allows attackers to trigger a stack-based out-of-bounds write. This can cause a denial of service, resulting in a kernel oops or panic, and may have other unspecified impacts. The attack is possible via a crafted ntfs filesystem. **Recommendations** For Linux kernel version 4.15.0, consider upgrading to a newer version that includes a fix for this issue. As a temporary workaround, restrict access to ntfs filesystems to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.30 **Description** An issue was discovered in the arm pt function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils. This issue leads to stack exhaustion in the C++ demangling functions provided by libiberty. The functions involved include demangle arm hp template, demangle class name, demangle fund type, do type, do arg, demangle args, and demangle nested args. This can occur during the execution of nm-new. **Recommendations** For GNU Binutils version 2.30, consider updating to a newer version to mitigate the risk of stack exhaustion in the C++ demangling functions. As a temporary workaround, consider restricting the use of the nm-new execution to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.7-29 and earlier **Description** A memory leak was found in the formatIPTCfromBuffer function in coders/meta.c. **Recommendations** For versions 7.0.7-29 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ImageMagick versions 7.0.7-29 and earlier **Description** The issue is related to a null pointer dereference in the ReadOneJNGImage function of the coders/png.c component. This can be exploited by a remote attacker to cause a denial of service, resulting in a WriteBlob assertion failure and application exit, via a crafted file. **Recommendations** For ImageMagick versions 7.0.7-29 and earlier, as a temporary workaround, consider disabling the ReadOneJNGImage function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.30 **Description** The issue is related to a NULL pointer dereference error in the `work stuff copy to from` function of the `cplus-dem.c` component. This error can be exploited by a remote attacker to cause a denial of service. The vulnerability can occur during the execution of `objdump`. **Recommendations** For GNU Binutils version 2.30, consider updating to a newer version that contains a fix for this issue, as the current version is affected by the NULL pointer dereference error in the `work stuff copy to from` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** The issue is related to a buffer overflow in the HFS component of the Mac OS X operating system. This can be exploited by a remote attacker using a specially crafted application, potentially allowing them to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** The issue involves the `APFS` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned outcomes. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `APFS` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash, via a crafted USB device without two interrupt-in endpoint descriptors. This is due to a problem in the `mct u232 msr to state` function. **Recommendations** For Linux kernel versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted USB devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue allows physically proximate attackers to cause a denial of service, resulting in a NULL pointer dereference and system crash. This is achieved via a crafted `endpoints` value in a USB device descriptor, specifically targeting the `digi port init` function in the Linux kernel. **Recommendations** For Linux kernel versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to USB devices to minimize the risk of exploitation.