Ulf Härnhammar

**Name of the Vulnerable Software and Affected Versions** Asterisk Open Source versions prior to 11.2.2 **Description** The issue is related to a stack-based buffer overflow in the res/res format attr h264.c file, which allows remote attackers to execute arbitrary code via a long sprop-parameter-sets H.264 media attribute in a SIP Session Description Protocol (SDP) header. **Recommendations** For versions prior to 11.2.2, update to version 11.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `res/res format attr h264.c` file or limiting the length of the sprop-parameter-sets H.264 media attribute in SIP SDP headers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** enscript versions 1.6.1 through 1.6.4 **Description** The issue concerns multiple vulnerabilities in the enscript package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. A buffer overflow in enscript before version 1.6.4 has an unknown impact and attack vectors, possibly related to the font escape sequence. **Recommendations** For enscript version 1.6.1, update to a version later than 1.6.4 to resolve the issue. For enscript version 1.6.4, update to a version later than 1.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the enscript package until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Evolution versions 1.4 through 2.3.6.1 **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via calendar entries, such as task lists, which are not properly handled when the user selects the Calendars tab. **Recommendations** For versions 1.4 through 2.3.6.1, consider restricting access to calendar entries until a patch is available. As a temporary workaround, avoid selecting the Calendars tab to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Evolution versions 1.5 through 2.3.6.1 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple format string vulnerabilities. These vulnerabilities can be exploited through full vCard data, contact data from remote LDAP servers, or task list data from remote servers. **Recommendations** For Evolution versions 1.5 through 2.3.6.1, update to a version that contains a fix for this issue to prevent potential exploitation.

Name of the Vulnerable Software and Affected Versions: gzip versions 1.2.4 through 1.3.5 Description: A directory traversal issue exists in the gunzip -N function of gzip, allowing remote attackers to write to arbitrary directories by including a .. (dot dot) in the original filename within a compressed file. Recommendations: For versions 1.2.4 through 1.3.5, consider updating to a version that fixes this issue, as using the gunzip -N function with untrusted compressed files may lead to arbitrary directory writing. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IlohaMail versions 0.8.14 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the e-mail body, filename, or MIME type, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For versions 0.8.14 and earlier, update to a version later than 0.8.14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Axel versions prior to 1.0b **Description** The issue is related to a buffer overflow in the HTTP redirection capability. This could potentially allow remote attackers to execute arbitrary code. **Recommendations** For versions prior to 1.0b, update to version 1.0b or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mailreader versions prior to 2.3.29 **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages. **Recommendations** For versions prior to 2.3.29, update to version 2.3.29 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** typespeed versions 0.4.1 and earlier **Description** A local user can gain privileges due to an unknown issue in the software. **Recommendations** For versions 0.4.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Sword version 1.5.7a **Description** The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a URL, specifically affecting the diatheke.pl component. **Recommendations** For Sword version 1.5.7a, consider restricting access to the diatheke.pl component until a patch is available to prevent the execution of arbitrary commands via shell metacharacters in a URL.

**Name of the Vulnerable Software and Affected Versions** Metamail versions 2.7 and earlier **Description** The issue is related to multiple buffer overflows that allow remote attackers to execute arbitrary code. **Recommendations** For Metamail versions 2.7 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Metamail versions 2.7 and earlier **Description** The issue concerns multiple format string vulnerabilities that allow remote attackers to execute arbitrary code. **Recommendations** For Metamail versions 2.7 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lftp versions 2.6.9 and earlier **Description** The issue concerns buffer overflows in the try netscape proxy and try squid eplf functions for lftp. Remote HTTP servers can execute arbitrary code via long directory names that are processed by the ls or rels commands. **Recommendations** For lftp versions 2.6.9 and earlier, update to a version later than 2.6.9 to resolve the issue.