Seviezhou

**Name of the Vulnerable Software and Affected Versions** json-c versions 0.14 through 0.15-20200726 **Description** A stack-buffer-overflow issue exists in the json parse auxiliary sample program, specifically in the `parseit` function. This issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For json-c versions 0.14 through 0.15-20200726, consider disabling the `parseit` function as a temporary workaround until a patch is available. Restrict access to the json parse auxiliary sample program to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** asn1c versions prior to 0.9.29 **Description** An issue exists in the ` default error logger()` function located in `asn1fix.c`, which allows an attacker to cause Denial of Service due to a NULL pointer dereference. **Recommendations** For versions prior to 0.9.29, update to version 0.9.29 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` default error logger()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** asn1c versions prior to 0.9.29 **Description** A stack-based buffer overflow issue exists via the `genhash get` function in `genhash.c`. **Recommendations** For versions prior to 0.9.29, update to version 0.9.29 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: swftools versions through 20200710 Description: An issue exists in the function `InfoOutputDev::type3D0()` located in `InfoOutputDev.cc`, which allows an attacker to cause Denial of Service due to a NULL pointer dereference. Recommendations: For versions through 20200710, as a temporary workaround, consider disabling the `InfoOutputDev::type3D0()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: sela through 20200412 Description: An issue was discovered in the `file::SelaFile::readFromFile()` function in `sela file.c`, which has a heap-based buffer overflow. Recommendations: For sela through 20200412, as a temporary workaround, consider disabling the `readFromFile()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: libjpeg versions through 2020021 Description: An issue exists in the function `BlockBitmapRequester::PushReconstructedData()` located in blockbitmaprequester.cpp, allowing an attacker to cause Denial of Service due to a NULL pointer dereference. Recommendations: For libjpeg versions through 2020021, as a temporary workaround, consider disabling the `BlockBitmapRequester::PushReconstructedData()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libslax versions prior to 0.22.2 Description: An issue was discovered in libslax, where the `slaxLexer()` function in `slaxlexer.c` has a heap-based buffer overflow. Recommendations: For versions prior to 0.22.2, update to version 0.22.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `slaxLexer()` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: libredwg versions through v0.10.1.3751 Description: An issue was discovered in libredwg, where the function bit read fixed() in bits.c has a heap-based buffer overflow. Recommendations: For versions through v0.10.1.3751, consider restricting access to the bit read fixed() function in bits.c until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libredwg versions through 0.10.1.3751 Description: A heap-based buffer overflow issue was discovered in the appinfo private() function, located in decode.c. This issue may be exploited, potentially leading to unintended consequences. Recommendations: For versions through 0.10.1.3751, consider restricting access to the appinfo private() function in decode.c until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libslax versions prior to 0.22.2 Description: An issue was discovered in libslax. The `slaxLexer()` function in `slaxlexer.c` has a stack-based buffer overflow. Recommendations: For versions prior to 0.22.2, update to version 0.22.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `slaxLexer()` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: libredwg versions prior to v0.10.1.3751 Description: The issue is related to a heap-based buffer overflow in the `bit wcs2len()` function, located in `bits.c`. This overflow can occur due to improper handling of data, potentially leading to memory corruption and other security issues. Recommendations: For versions prior to v0.10.1.3751, consider restricting access to the `bit wcs2len()` function in `bits.c` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libredwg versions prior to v0.10.1.3752 Description: An issue was discovered in libredwg. The bit wcs2nlen() function in bits.c has a heap-based buffer overflow. Recommendations: For versions prior to v0.10.1.3752, update to a version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: libjpeg versions through 2020021 Description: An issue was discovered in libjpeg, where the LineBuffer::FetchRegion() function in linebuffer.cpp has a heap-based buffer overflow. Recommendations: For versions through 2020021, as a temporary workaround, consider disabling the `LineBuffer::FetchRegion()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libjpeg versions through 2020021 Description: An issue in the function `ACLosslessScan::ParseMCU()` located in `aclosslessscan.cpp` allows an attacker to cause Denial of Service due to an uncaught floating point exception. Recommendations: For libjpeg versions through 2020021, as a temporary workaround, consider disabling the `ACLosslessScan::ParseMCU()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: libiff versions prior to 20190124 Description: A global buffer overflow issue exists in the function `IFF errorId` located in error.c, allowing an attacker to cause code execution. Recommendations: For versions prior to 20190124, consider updating to a version newer than 20190123 to resolve the issue. As a temporary workaround, consider restricting access to the `IFF errorId` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: pbrt versions prior to 20200628 Description: An issue exists in the function pbrt::ParamSet::ParamSet() located in paramset.h, allowing an attacker to cause code execution due to a stack-buffer-overflow. Recommendations: For versions prior to 20200628, update to a version newer than 20200627 to resolve the issue. As a temporary workaround, consider restricting access to the pbrt::ParamSet::ParamSet() function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Bento4 versions through 1.6.0-637 Description: An issue exists in the function `AP4 MemoryByteStream::WritePartial()` located in `Ap4ByteStream.cpp`, which allows for a global-buffer-overflow. This enables an attacker to cause code execution or information disclosure. Recommendations: For versions through 1.6.0-637, consider disabling the `AP4 MemoryByteStream::WritePartial()` function until a patch is available to prevent potential code execution or information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: heif versions prior to 3.6.3 Description: A global buffer overflow issue exists in the HevcDecoderConfigurationRecord::getPicWidth() function, located in hevcdecoderconfigrecord.cpp. This issue allows an attacker to cause code execution. Recommendations: For versions prior to 3.6.3, update to version 3.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the HevcDecoderConfigurationRecord::getPicWidth() function until a patch is available.

Name of the Vulnerable Software and Affected Versions: heif versions prior to 3.6.3 Description: A global buffer overflow issue exists in the HevcDecoderConfigurationRecord::getPicHeight() function, located in hevcdecoderconfigrecord.cpp. This issue allows an attacker to cause code execution. Recommendations: For versions prior to 3.6.3, update to version 3.6.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the HevcDecoderConfigurationRecord::getPicHeight() function until a patch is available.

Name of the Vulnerable Software and Affected Versions: libredwg versions prior to 0.10.1.3751 Description: An issue exists in the function `bit read BB()` located in `bits.c`, which allows an attacker to cause Denial of Service due to a NULL pointer dereference. Recommendations: For versions prior to 0.10.1.3751, as a temporary workaround, consider disabling the `bit read BB()` function until a patch is available.