Thuan Pham

**Name of the Vulnerable Software and Affected Versions** libpng version 1.6.34 Oracle Java SE (affected versions not specified) **Description** The issue is related to a wrong calculation that may trigger an integer overflow and resultant divide-by-zero while processing a crafted file, leading to a denial of service. An unspecified vulnerability in Oracle Java SE could allow an unauthenticated attacker to take control of the system. **Recommendations** For libpng version 1.6.34, consider updating to a newer version to mitigate the risk. For Oracle Java SE, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 4.0.1 **Description** The issue arises from a missing check for negative values of the `mquant` variable in the `vc1 put blocks clamped` function, located in `libavcodec/vc1 block.c`. This can lead to an out-of-array access when converting a crafted AVI file to MPEG4, potentially resulting in information disclosure or a denial of service. **Recommendations** For FFmpeg version 4.0.1, consider applying a patch that adds a check for negative `mquant` values in the `vc1 put blocks clamped` function to prevent out-of-array access. As a temporary workaround, avoid converting crafted AVI files to MPEG4 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 4.0.1 **Description** The issue is related to a missing check for failure of a call to `init get bits8()` in the `avpriv ac3 parse header` function in `libavcodec/ac3 parser.c`. This may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service. The vulnerability can be exploited by a remote attacker using a specially crafted AVI file, resulting in a denial of service. **Recommendations** For FFmpeg version 4.0.1, consider updating to a newer version that addresses this issue, as the current version may allow a denial of service attack through a crafted AVI file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 4.0.1 **Description** The issue is related to improper maintenance of consistency between the context profile field and studio profile in libavcodec, which may trigger an assertion failure when converting a crafted AVI file to MPEG4. This can lead to a denial of service. The affected components include error resilience.c, h263dec.c, and mpeg4videodec.c. A remote attacker can exploit this issue using a specially crafted AVI file. **Recommendations** For FFmpeg version 4.0.1, consider disabling the affected components, such as error resilience.c, h263dec.c, and mpeg4videodec.c, as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions 3.2 and 4.0.1 **Description** The issue arises from an improper argument (`AVCodecParameters`) passed to the `avpriv request sample` function in the `handle eac3` function, potentially triggering an out-of-array read when converting a crafted AVI file to MPEG4. This could lead to a denial of service and possibly an information disclosure. **Recommendations** For FFmpeg version 3.2, update to a version that includes a fix for this issue. For FFmpeg version 4.0.1, update to a version that includes a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 4.0.1 **Description** The issue is related to the `ff mpeg4 decode picture header` function in the `libavcodec/mpeg4videodec.c` component of the FFmpeg multimedia library. It is caused by a missing check of a profile value before setting it, which may trigger a NULL pointer dereference when converting a specially crafted AVI file to MPEG4. This can lead to a denial of service. The vulnerability can be exploited by a remote attacker using a specially created AVI file. **Recommendations** For FFmpeg version 4.0.1 and earlier, update to a version that includes the fix for the `ff mpeg4 decode picture header` function issue. As a temporary workaround, consider avoiding the use of the `ff mpeg4 decode picture header` function when converting AVI files to MPEG4 until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 4.0.1 **Description** The issue is related to the improper handling of frame types, other than EAC3 FRAME TYPE INDEPENDENT, that have multiple independent substreams in the handle eac3 function. This may trigger an out-of-array access while converting a crafted AVI file to MPEG4, potentially leading to a denial of service or allowing a remote attacker to execute arbitrary code using a specially crafted AVI file. **Recommendations** For FFmpeg version 4.0.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions 2.8 through 4.0 **Description** The issue is related to an improper integer type in the `mpeg4 encode gop header` function, which may cause an assertion violation when converting a crafted AVI file to MPEG4. This can lead to a denial of service. **Recommendations** For FFmpeg versions 2.8 through 4.0, consider updating to a newer version that addresses this issue, as the current version may trigger an assertion violation while converting crafted AVI files to MPEG4. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 4.0 **Description** The issue is related to a NULL pointer dereference in libavcodec when the studio profile is incorrectly detected while converting a crafted AVI file to MPEG4. This can lead to a denial of service. The problem is associated with the files idctdsp.c and mpegvideo.c. **Recommendations** For FFmpeg version 4.0, consider updating to a newer version that contains a fix for this issue, as the current version may trigger a denial of service when converting specific AVI files to MPEG4. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg version 4.0 **Description** The issue is related to an inconsistent bits-per-sample value in the `ff mpeg4 decode picture header` function, which may trigger an assertion violation when converting a crafted AVI file to MPEG4. This can lead to a denial of service. The vulnerability is caused by insufficient input validation, allowing a remote attacker to exploit it using a specially crafted AVI file. **Recommendations** For FFmpeg version 4.0, consider updating to a newer version that addresses this issue, as the current version may allow for a denial of service attack when processing crafted AVI files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WavPack versions 5.1.0 and earlier Description: An issue in WavPack for W64 input can cause out-of-bounds writes due to insufficient validation of unknown chunk sizes in the `ParseWave64HeaderConfig` function, located in `wave64.c`. This is related to a lack of integer-overflow protection within a `bytes to copy` calculation and a subsequent `malloc` call, leading to insufficient memory allocation. Recommendations: For WavPack versions 5.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WavPack versions 5.1.0 and earlier Description: A issue in the WAV parser component allows writing to memory due to the `ParseRiffHeaderConfig` function in `riff.c` not rejecting multiple format chunks. Recommendations: For versions 5.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WavPack versions 5.1.0 and earlier Description: An issue in the W64 parser component allows writing to memory. This is due to the `ParseWave64HeaderConfig` function in `wave64.c` not rejecting multiple format chunks. Recommendations: For versions 5.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WavPack versions 5.1.0 and earlier Description: An issue was discovered related to out-of-bounds writes due to insufficient validation of unknown chunk sizes in WAV input. This occurs because of a lack of integer-overflow protection within a bytes to copy calculation and subsequent malloc call, leading to insufficient memory allocation. Recommendations: For WavPack versions 5.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: WavPack versions 5.1.0 and earlier Description: An issue was discovered related to DSDiff input, where out-of-bounds writes can occur due to a lack of validation of unknown chunk sizes in the `ParseDsdiffHeaderConfig` function. This is caused by insufficient integer-overflow protection within a `bytes to copy` calculation and a subsequent `malloc` call, leading to insufficient memory allocation. Recommendations: For WavPack versions 5.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.30 **Description** The issue is related to the `concat filename` function in the `dwarf2.c` component of the GNU Binutils, which is associated with NULL pointer dereference errors. This allows a remote attacker to cause a denial of service, resulting in an application crash, via a crafted binary file. **Recommendations** For GNU Binutils version 2.30, consider updating to a newer version that contains a fix for this issue, as the current version is affected by the `concat filename` function vulnerability in the `dwarf2.c` component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.30 **Description** The issue is related to a heap-based buffer over-read and application crash in the `process cu tu index` function in `dwarf.c`. This can be exploited by remote attackers using a crafted binary file, leading to a denial of service. The vulnerability is associated with reading beyond the valid boundaries of a data buffer. **Recommendations** For GNU Binutils version 2.30, consider updating to a newer version that addresses this issue, as the current version is affected by the buffer over-read vulnerability in the `process cu tu index` function. As a temporary workaround, consider restricting the use of crafted binary files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue arises from the pe ILF object p function in the Binary File Descriptor library, which is part of GNU Binutils. This function is vulnerable to a heap-based buffer over-read due to its use of the strlen function instead of strnlen, potentially causing program crashes in utilities like addr2line, size, and strings. It may also lead to information disclosure. **Recommendations** For GNU Binutils version 2.28, consider updating to a newer version that addresses this issue, as the current version's use of strlen instead of strnlen in the pe ILF object p function poses a significant risk.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue arises from the `find nearest line` function in objdump, which is part of GNU Binutils. It is vulnerable to an invalid write when disassembling a corrupt binary containing an empty function name. This can lead to a program crash. **Recommendations** For GNU Binutils version 2.28, consider avoiding the disassembly of binaries with empty function names until a patch is available. As a temporary workaround, restrict the use of the `find nearest line` function in objdump when dealing with potentially corrupt binaries.

**Name of the Vulnerable Software and Affected Versions** GNU Binutils version 2.28 **Description** The issue arises from the `find nearest line` function in `addr2line` when it fails to handle the case where both the main file name and the directory name are empty. This failure leads to a NULL pointer dereference and an invalid write, resulting in a program crash. **Recommendations** For GNU Binutils version 2.28, consider avoiding the use of the `find nearest line` function in `addr2line` until a patch is available, or apply any available configuration changes that might mitigate the risk of the NULL pointer dereference. At the moment, there is no information about a newer version that contains a fix for this vulnerability.