Tianxiaoguo

**Name of the Vulnerable Software and Affected Versions** ADMesh versions 0.98.4 and earlier **Description** The issue is a heap-based buffer over-read in the `stl update connects remove 1` function, which is called from `stl remove degenerate`, located in `connect.c` in `libadmesh.a`. This function is part of the ADMesh library. **Recommendations** For ADMesh versions 0.98.4 and earlier, consider updating to a version later than 0.98.4 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** stb image.h version 2.19 **Description** The issue is a heap-based buffer overflow in the `stbi out gif code` function. This problem affects products that use stb image.h, including catimg and Emscripten. **Recommendations** For stb image.h version 2.19, consider updating to a newer version to resolve the issue. As a temporary workaround, consider restricting the use of the `stbi out gif code` function until a patch is available.