Strongcourage

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to a NULL pointer dereference in the `DCTStream::getChar` function, allowing attackers to cause a Denial of Service due to an invalid read of size 1. This can lead to a crash or other unintended behavior. Recommendations: For PDF2JSON version 0.70, consider disabling the `DCTStream::getChar` function as a temporary workaround until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Gpac MP4Box version 0.8.0 **Description** The issue is related to an invalid read in the `ilst item Read` function, located in the `box code apple.c` component of the GPAC multimedia platform. This can lead to a Denial of Service. The vulnerability is associated with pointer dereference errors. An attacker can exploit this vulnerability to cause a disruption in service. **Recommendations** For Gpac MP4Box version 0.8.0, consider disabling the `ilst item Read` function as a temporary workaround until a patch is available. Restrict access to the `box code apple.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: sam2p version 0.49.4 Description: The issue is related to a floating point exception in the `ReadImage` function, which leads to a Segmentation fault. A crafted input can cause a denial of service or possibly other unspecified impacts. Recommendations: For sam2p version 0.49.4, consider updating to a newer version that addresses the floating point exception issue in the `ReadImage` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: sam2p version 0.49.4 Description: The issue is caused by an invalid memory access bug in cgif.c, leading to a Segmentation fault. A crafted input can result in a denial of service or possibly other unspecified impacts. Recommendations: For sam2p version 0.49.4, consider restricting the use of the cgif.c module to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: An issue has been found in the function CCITTFaxStream::lookChar that allows attackers to cause a Denial of Service due to an invalid write of size 2. Recommendations: For PDF2JSON version 0.70, consider disabling the CCITTFaxStream::lookChar function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to the function `Gfx::doShowText` and allows attackers to cause a Denial of Service due to a Use After Free. This can lead to a disruption in service, but no further details are provided about the estimated number of potentially affected devices or real-world incidents. Recommendations: For PDF2JSON version 0.70, consider disabling the `Gfx::doShowText` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to the function `DCTStream::decodeImage` and allows attackers to cause a Denial of Service due to an uncaught floating point exception. Recommendations: For PDF2JSON version 0.70, consider disabling the `DCTStream::decodeImage` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to the function `DCTStream::readHuffSym` and allows attackers to cause a Denial of Service due to an invalid read of size 2. Recommendations: For PDF2JSON version 0.70, consider disabling the `DCTStream::readHuffSym` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to the function `DCTStream::decodeImage` and allows attackers to cause a Denial of Service due to an invalid read of size 4. Recommendations: For PDF2JSON version 0.70, consider disabling the `DCTStream::decodeImage` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to the function `DCTStream::transformDataUnit` and allows attackers to cause a Denial of Service due to an invalid read of size 1. Recommendations: For PDF2JSON version 0.70, consider disabling the `DCTStream::transformDataUnit` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to the function DCTStream::transformDataUnit, which can cause a Denial of Service due to an Illegal Use After Free. This allows attackers to exploit the issue. Recommendations: For PDF2JSON version 0.70, consider disabling the DCTStream::transformDataUnit function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to a null pointer dereference in the `EmbedStream::getChar` function, allowing attackers to cause a Denial of Service due to an invalid read of size 8. This occurs in the `EmbedStream::getChar` function. Recommendations: For PDF2JSON version 0.70, consider disabling the `EmbedStream::getChar` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: The issue is related to the function `DCTStream::reset` and allows attackers to cause a Denial of Service due to an invalid write of size 8. Recommendations: For PDF2JSON version 0.70, consider disabling the `DCTStream::reset` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: An issue in the `vfprintf` function allows attackers to cause a Denial of Service due to a stack overflow. Recommendations: For PDF2JSON version 0.70, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: PDF2JSON version 0.70 Description: An issue in the `ObjectStream::getObject` function allows attackers to cause a Denial of Service due to an invalid read of size 4. Recommendations: For PDF2JSON version 0.70, consider disabling the `ObjectStream::getObject` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Academy Software Foundation OpenEXR version 2.3.0 **Description** A Null Pointer Deference issue exists in the generatePreview function in makePreview.cpp that can cause a denial of service via a crafted EXR file. This issue is related to errors in pointer dereference, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** For version 2.3.0, consider disabling the `generatePreview` function in makePreview.cpp as a temporary workaround until a patch is available. Restrict access to crafted EXR files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenEXR version 2.3.0 **Description** A head-based buffer overflow exists in the `writeTileData` function of OpenEXR that can cause a denial of service via a crafted EXR file. This issue is related to writing beyond the boundaries of a buffer. Exploitation of this issue may allow a remote attacker to cause a denial of service. **Recommendations** For OpenEXR version 2.3.0, consider disabling the `writeTileData` function in `ImfTiledOutputFile.cpp` to prevent exploitation until a patch is available. Avoid using crafted EXR files that could trigger the buffer overflow. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Academy Software Foundation OpenEXR version 2.3.0 **Description** A heap-based buffer overflow issue exists in the `chunkOffsetReconstruction` function within the `ImfMultiPartInputFile.cpp` file. This can cause a denial of service when a crafted EXR file is used. The vulnerability is related to a buffer overflow, which may allow a remote attacker to cause a service disruption. **Recommendations** For Academy Software Foundation OpenEXR version 2.3.0, consider disabling the `chunkOffsetReconstruction` function in `ImfMultiPartInputFile.cpp` as a temporary workaround until a patch is available. Restrict access to crafted EXR files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC version 0.8.0 **Description** An issue in libgpac.a, as demonstrated by MP4Box, leads to improper decision-making in `audio sample entry Read` in isomedia/box code base.c regarding `gf isom box del` calls. This results in use-after-free outcomes involving `mdia Read`, `gf isom delete movie`, and `gf isom parse movie boxes`. **Recommendations** For GPAC version 0.8.0, consider disabling the `audio sample entry Read` function in isomedia/box code base.c as a temporary workaround until a patch is available. Restrict access to the `libgpac.a` library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libheif version 1.4.0 **Description** The issue is related to an invalid memory read in the `heif::Box iref::get references` function, which can cause a Denial of Service or potentially other unspecified impact. It is also associated with a buffer data boundary read, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For libheif version 1.4.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.