Suhwan

**Name of the Vulnerable Software and Affected Versions** Artifex Software MuPDF version 1.16.0 **Description** A Use After Free vulnerability in the `svg dev text span as paths defs` function in `source/fitz/svg-device.c` allows remote attackers to cause a denial of service via the opening of a crafted PDF file. **Recommendations** For Artifex Software MuPDF version 1.16.0, consider disabling the `svg dev text span as paths defs` function until a patch is available to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nasm version 2.15rc0 **Description** The issue is related to a Buffer Overflow vulnerability in the scan function in stdscan.c. This vulnerability allows remote attackers to cause a denial of service via crafted asm files. **Recommendations** For nasm version 2.15rc0, consider updating to a newer version that contains a fix for this issue, as using crafted asm files can lead to a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nasm version 2.15rc0 **Description** A Buffer Overflow issue in the `hash findi` function in `hashtbl.c` allows remote attackers to cause a denial of service via crafted asm files. This issue is related to the `hash findi` function, but no further technical details are provided. **Recommendations** For nasm version 2.15rc0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** nasm versions prior to 2.15.04 **Description** A stack-use-after-scope issue was discovered in the `expand mmac params` function in preproc.c, allowing remote attackers to cause a denial of service via a crafted asm file. This issue affects the `nasm` software and can be exploited by sending a specially crafted file to the affected system. **Recommendations** For versions prior to 2.15.04, update to version 2.15.04 or later to resolve the issue. As a temporary workaround, consider restricting access to the `preproc.c` component or the `expand mmac params` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** nasm versions 2.14.03 through 2.15 **Description** A Segmentation Fault issue in the ieee segment function in outieee.c allows remote attackers to cause a denial of service via crafted assembly files. **Recommendations** For nasm versions 2.14.03 through 2.15, consider updating to a version that fixes the Segmentation Fault issue in the ieee segment function to prevent denial of service attacks via crafted assembly files.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.15rc10 **Description** The issue can cause a SEGV in the tok text function located in asm/preproc.c when accessing READ memory. **Recommendations** For Netwide Assembler (NASM) version 2.15rc10, consider avoiding the use of the tok text function in asm/preproc.c until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Netwide Assembler (NASM) version 2.15rc10 **Description** The issue is related to a heap use-after-free in the `saa wbytes` function located in `nasmlib/saa.c`. **Recommendations** For Netwide Assembler (NASM) version 2.15rc10, consider updating to a newer version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Artifex Software GhostScript versions prior to 9.51 **Description** A buffer overflow issue in the contrib/gdevdj9.c component of GhostScript allows a remote attacker to cause a denial of service via a crafted PDF file. The exploitation of this issue can lead to a denial of service. **Recommendations** For versions prior to 9.51, update to version 9.51 or later to resolve the issue. As a temporary workaround, consider restricting the processing of crafted PDF files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** GhostScript versions prior to 9.51 **Description** A buffer overflow issue in the `cif print page()` function allows a remote attacker to cause a denial of service via a crafted PDF file. The issue is related to a buffer overflow in memory. **Recommendations** For versions prior to 9.51, update to version 9.51 to resolve the issue. As a temporary workaround, consider restricting the use of the `cif print page()` function in devices/gdevcif.c until the update is applied.

**Name of the Vulnerable Software and Affected Versions** GhostScript versions prior to 9.51 **Description** A null pointer dereference issue in the devices/gdevtsep.c component of GhostScript allows a remote attacker to cause a denial of service via a crafted postscript file. **Recommendations** For versions prior to 9.51, update to version 9.51 to resolve the issue. As a temporary workaround, consider restricting the processing of postscript files from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Artifex Software GhostScript versions 9.50 **Description** The issue is related to a buffer overflow in the `lprn is black()` function, located in `contrib/lips4/gdevlprn.c`, which can be exploited by a remote attacker to cause a denial of service. This can be achieved via a crafted PDF file. **Recommendations** For Artifex Software GhostScript version 9.50, update to version 9.51 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Artifex Software GhostScript versions 9.50 **Description** A buffer overflow issue in the `pcx write rle()` function allows a remote attacker to cause a denial of service via a crafted PDF file. **Recommendations** For Artifex Software GhostScript version 9.50, update to version 9.51 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Ghostscript versions prior to 9.51 **Description** The issue is related to a buffer overflow in the `jetp3852 print page()` function, which can be exploited by a remote attacker to cause a denial of service. This can be achieved via a crafted PDF file. **Recommendations** For Ghostscript versions prior to 9.51, update to version 9.51 to resolve the issue. As a temporary workaround, consider restricting the use of the `jetp3852 print page()` function in the `devices/gdev3852.c` file until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Artifex Software GhostScript versions prior to 9.51 **Description** The issue is related to a null pointer dereference vulnerability in the devices/vector/gdevtxtw.c and psi/zbfont.c components of Ghostscript. This vulnerability can be exploited by a remote attacker to cause a denial of service via a crafted postscript file. **Recommendations** For versions prior to 9.51, update to version 9.51 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components devices/vector/gdevtxtw.c and psi/zbfont.c to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GhostScript versions 9.50 **Description** A buffer overflow issue in the `pj common print page()` function allows a remote attacker to cause a denial of service via a crafted PDF file. **Recommendations** For GhostScript version 9.50, update to version 9.51 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Artifex Software GhostScript version 9.50 **Description** A buffer overflow vulnerability in the `mj color correct()` function in `contrib/japanese/gdevmjc.c` allows a remote attacker to cause a denial of service via a crafted PDF file. **Recommendations** For Artifex Software GhostScript version 9.50, update to version 9.51 to resolve the issue. As a temporary workaround, consider restricting the processing of crafted PDF files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Ghostscript versions prior to 9.51 **Description** The issue is related to a division by zero error in the `dot24 print page()` function, located in `devices/gdevdm24.c`, which can be exploited by a remote attacker to cause a denial of service. This can be achieved through a crafted PDF file. **Recommendations** For Ghostscript versions prior to 9.51, update to version 9.51 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `dot24 print page()` function until a patch is available. Avoid processing untrusted or crafted PDF files with affected versions of Ghostscript to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Ghostscript versions prior to 9.51 **Description** The issue is related to a buffer overflow in the `image render color thresh()` function, which can be exploited by a remote attacker to cause a denial of service or potentially escalate privileges. This can be achieved through a crafted eps file. **Recommendations** For Ghostscript versions prior to 9.51, update to version 9.51 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `image render color thresh()` function in the `base/gxicolor.c` file until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GhostScript versions prior to 9.51 **Description** A null pointer dereference issue in the `compose group nonknockout nonblend isolated allmask common()` function in `base/gxblend.c` allows a remote attacker to cause a denial of service via a crafted PDF file. **Recommendations** For GhostScript versions prior to 9.51, update to version 9.51 to resolve the issue. As a temporary workaround, consider restricting the processing of crafted PDF files until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Ghostscript versions prior to 9.51 **Description** The issue is related to a null pointer dereference vulnerability in the `clj media size()` function, located in `devices/gdevclj.c`, which can be exploited by a remote attacker to cause a denial of service. This can be achieved via a crafted PDF file. **Recommendations** For Ghostscript versions prior to 9.51, update to version 9.51 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted PDF files to minimize the risk of exploitation.