Vishal Chauhan

**Name of the Vulnerable Software and Affected Versions** Windows 7 Windows 8.1 Windows 10 Windows Server 2008 R2 Windows Server 2012 Windows Server 2012 R2 Windows Server 2016 **Description** A denial of service issue exists in the way Windows handles objects in memory. An attacker who successfully exploits this could cause a target system to stop responding. **Recommendations** For Windows 7, update to a version that includes the fix for this issue. For Windows 8.1, update to a version that includes the fix for this issue. For Windows 10, update to a version that includes the fix for this issue. For Windows Server 2008 R2, update to a version that includes the fix for this issue. For Windows Server 2012, update to a version that includes the fix for this issue. For Windows Server 2012 R2, update to a version that includes the fix for this issue. For Windows Server 2016, update to a version that includes the fix for this issue.

**Name of the Vulnerable Software and Affected Versions** LibTIFF (affected versions not specified) **Description** The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a JPEG file with a specific TIFFTAG JPEGTABLES length. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to out-of-bounds write vulnerabilities in heap allocated buffers. Specifically, the `t2p process jpeg strip()` function is affected. This could potentially lead to exploitation, although no specific details about the estimated number of affected devices or real-world incidents are provided. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that addresses the out-of-bounds write vulnerabilities in the `t2p process jpeg strip()` function. As a temporary workaround, consider restricting access to the `t2p process jpeg strip()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to out-of-bounds write vulnerabilities in buffers within the tools/tiffcrop.c file of libtiff. **Recommendations** For libtiff version 4.0.6, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to out-of-bounds write vulnerabilities in heap allocated buffers, specifically in the tif pixarlog.c file. This can lead to a heap-buffer-overflow, which has been reported as "PixarLog horizontalDifference heap-buffer-overflow." **Recommendations** For libtiff version 4.0.6, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to an out-of-bounds write on tiled images with odd tile width versus image width. This can lead to a heap-buffer-overflow. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that addresses this issue, as the current version has a known problem with tiled images that can cause a heap-buffer-overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to an out-of-bounds read in the `readContigTilesIntoBuffer()` function. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libtiff version 4.0.6 **Description** The issue is related to the error code path of TIFFFlushData1() in tif write.c, which did not reset the `tif rawcc` and `tif rawcp` members, leading to a heap-buffer-overflow. **Recommendations** For libtiff version 4.0.6, consider updating to a newer version that addresses this issue, as the current version has a problem in the TIFFFlushData1() function that could lead to a heap buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.