Volticks

**Name of the Vulnerable Software and Affected Versions** ClamAV (affected versions not specified) **Description** A vulnerability in Universal Disk Format (UDF) processing could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This issue is due to a memory overread during UDF file scanning. An attacker could exploit this by submitting a crafted file containing UDF content to be scanned by ClamAV. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FontForge (affected versions not specified) **Description** A flaw exists in FontForge due to insufficient validation of user-supplied data during the parsing of SFD files, leading to deserialization of untrusted data. This can allow a remote attacker to execute arbitrary code on affected installations. User interaction is required, specifically the target must open a malicious file or visit a malicious page. The issue was identified as ZDI-CAN-28198. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FontForge (affected versions not specified) **Description** A flaw exists in FontForge within the parsing of scanlines in SGI files. The issue is due to insufficient validation of user-supplied data length before copying it into a heap-based buffer, potentially allowing a remote attacker to execute arbitrary code. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FontForge (affected versions not specified) **Description** A flaw exists in FontForge within the parsing of pixels within XBM files. The issue stems from insufficient validation of user-supplied data, leading to an integer overflow during buffer allocation. This can allow a remote attacker to execute arbitrary code in the context of the current process. User interaction is required, such as visiting a malicious page or opening a malicious file, to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FontForge (affected versions not specified) **Description** A flaw exists in FontForge’s handling of BMP file pixel parsing, potentially allowing a remote attacker to execute arbitrary code. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The issue stems from insufficient validation of user-supplied data length before copying it into a heap-based buffer, leading to a potential buffer overflow. Successful exploitation could allow an attacker to execute code with the privileges of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.