Sleicaspero

**Name of the Vulnerable Software and Affected Versions** tinyexr version 1.0.1 **Description** The issue is a heap-based buffer over-read in the `tinyexr::DecodePixelData` function. **Recommendations** For tinyexr version 1.0.1, consider disabling the `tinyexr::DecodePixelData` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libjxl version 0.6.1 **Description** The issue is related to an assertion failure in the `LowMemoryRenderPipeline::Init()` function, located in the `render pipeline/low memory render pipeline.cc` file. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For libjxl version 0.6.1, consider disabling the `LowMemoryRenderPipeline::Init()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libjpeg versions prior to 1.64 **Description** The issue is related to an assertion failure in the `SingleComponentLSScan::ParseMCU` function in `singlecomponentlsscan.cpp`. This failure occurs when processing an empty JPEG-LS scan in libjpeg. **Recommendations** For versions prior to 1.64, update to version 1.64 or later to resolve the issue. As a temporary workaround, consider avoiding the use of empty JPEG-LS scans until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libjpeg versions prior to 1.64 **Description** The issue is related to an assertion failure in BitStream<false>::Get in bitstream.hpp, which may cause denial of service. This occurs due to out-of-bounds array access during specific scan modes, including arithmetically coded lossless scan or arithmetically coded sequential scan. **Recommendations** For versions prior to 1.64, update to version 1.64 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** libsixel version 1.8.6 **Description** The issue is related to an uninitialized pointer in the `load png` function in `loader.c` in `libsixel.a` of libsixel, leading to an invalid call to `free()`, which can cause a denial of service. **Recommendations** For libsixel version 1.8.6, consider updating to a newer version that contains a fix for this issue, as the current version has an uninitialized pointer that can lead to a denial of service.

**Name of the Vulnerable Software and Affected Versions** stb versions 1.22 and earlier **Description** The issue is related to an assertion failure in the stbtt cff int function. **Recommendations** For versions 1.22 and earlier, update to a version that fixes the assertion failure in the stbtt cff int function.

**Name of the Vulnerable Software and Affected Versions** stb image.h versions 2.23 **Description** The issue is related to an insufficient use of the assert() function in the stb image.h component of the Libsixel library for C/C++. This allows a remote attacker to cause a denial of service. **Recommendations** For version 2.23, consider disabling the `stbi shiftsigned` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ffjpeg through 2019-08-21 **Description** The issue is related to a NULL pointer dereference in the bitstr tell function at bitstr.c, specifically concerning jfif encode. **Recommendations** For versions through 2019-08-21, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** ffjpeg through 2019-08-21 **Description** The issue is related to a divide-by-zero error in the `jfif decode` function, located in `jfif.c`. This error occurs in ffjpeg. **Recommendations** For ffjpeg through 2019-08-21, consider updating to a version released after 2019-08-21 to resolve the issue. As a temporary workaround, consider restricting the use of the `jfif decode` function in `jfif.c` to minimize the risk of exploitation.