Xdcao

Name of the Vulnerable Software and Affected Versions: PoDoFo version 1.1.0-dev Description: A flaw has been identified in the PDF Dictionary Parser component of PoDoFo. The issue resides within the `PdfTokenizer::DetermineDataType` function in the file src/podofo/main/PdfTokenizer.cpp. Manipulation of the affected component can lead to a use-after-free condition, potentially allowing for local exploitation. The exploit for this issue has been published. Recommendations: Apply the patch 22d16cb142f293bf956f66a4d399cdd65576d36c to remediate this issue.

Name of the Vulnerable Software and Affected Versions: ckolivas lrzip versions up to 0.651 Description: A security flaw exists in ckolivas lrzip up to version 0.651. The issue resides in the ` GI strtol l internal` function within the `strtol l.c` file, leading to a null pointer dereference when manipulated. Exploitation requires local access. The exploit has been publicly released. Recommendations: Update ckolivas lrzip to a version later than 0.651.

Name of the Vulnerable Software and Affected Versions: cmake version 4.1.20250725-gb5cce23 Description: A reachable assertion issue exists in the `cmForEachFunctionBlocker::ReplayItems` function within the `cmForEachCommand.cxx` file. The issue is locally exploitable and has been publicly disclosed. Recommendations: Install the patch 37e27f71bc356d880c908040cd0cb68fa2c371b8 to address this issue.

Name of the Vulnerable Software and Affected Versions: libsixel versions up to 1.10.3 Description: A vulnerability exists in saitoha libsixel up to version 1.10.3. This issue affects the `sixel debug print palette` function within the `img2sixel` component, located in the `src/encoder.c` file. Manipulation of this function can lead to a stack-based buffer overflow. The attack requires local access. The exploit for this issue has been publicly released. Recommendations: libsixel versions prior to 1.10.3: Apply patch 316c086e79d66b62c0c4bc66229ee894e4fdb7d1 to resolve this issue.

Name of the Vulnerable Software and Affected Versions: NASM Netwide Assembler version 2.17rc0 Description: A stack-based buffer overflow exists in the `parse line` function within the `parser.c` file. The issue is locally exploitable and has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NASM Netwide Assember version 2.17rc0 Description: A use after free issue exists in the `do directive` function within the `preproc.c` file. Exploitation requires local access. An exploit for this issue has been publicly disclosed and may be used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: jqlang versions prior to 1.7 Description: A vulnerability was determined in jqlang jq. The `run jq tests` function within the `jq test.c` file of the JSON Parser component is affected. Manipulation can lead to a reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Recommendations: Update jqlang to version 1.7 or later.

Name of the Vulnerable Software and Affected Versions: NASM Netwide Assember version 2.17rc0 Description: A heap-based buffer overflow exists in the `macho no dead strip` function within the `outmacho.c` file. Local access is required for exploitation. The exploit for this issue has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NASM Netwide Assembler version 2.17rc0 Description: A flaw exists in the `parse smacro template` function within the `preproc.c` file. This issue leads to a null pointer dereference. Local access is required for exploitation. An exploit has been made public and may be utilized. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: NASM Netwide Assembler version 2.17rc0 Description: A stack-based buffer overflow issue was identified in the `assemble file` function within the `nasm.c` file. The issue can be exploited on the local host. The exploit has been publicly disclosed. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.