Treeplus

**Name of the Vulnerable Software and Affected Versions** GLib (affected versions not specified) **Description** A flaw exists in GLib related to its Unicode case conversion implementation. An integer overflow can lead to memory corruption when processing specially crafted, large Unicode strings. This overflow can cause an undersized memory allocation, resulting in out-of-bounds writes, potentially leading to application crashes or instability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GLib (affected versions not specified) **Description** A flaw exists in the GLib Base64 encoding routine when handling very large input data. The issue stems from the incorrect use of integer types during length calculation, potentially leading to miscalculation of buffer boundaries. This can result in memory writes outside the allocated buffer. Applications utilizing GLib to process untrusted or extremely large Base64 input may experience crashes or unpredictable behavior. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Glib (affected versions not specified) **Description** A buffer underflow issue exists in Glib's content type parsing logic. The issue stems from storing the length of a header line in a signed integer, potentially causing integer wraparound with large inputs. This can lead to pointer underflow and out-of-bounds memory access. Successful exploitation requires a local user to install or process a specially crafted treemagic file, potentially resulting in local denial of service or application instability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsoup (affected versions not specified) **Description** A flaw exists in the NTLM authentication handling of the libsoup HTTP library. An improper use of signed integers during a size calculation when processing long passwords can lead to an integer overflow. This results in incorrect memory allocation on the stack and subsequent unsafe memory copying. This can cause applications using libsoup to crash, leading to a denial-of-service condition. A local attacker can exploit a stack-based buffer overflow in the `md4sum()` function when NTLM authentication is enabled, potentially allowing arbitrary code execution with the privileges of the affected application. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.