Xiaoxiaoafeifei

**Name of the Vulnerable Software and Affected Versions** openjpeg version 2.5.0 **Description** openjpeg version 2.5.0 contains a NULL pointer dereference in the `/openjp2/dwt.c` component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unbound (affected versions not specified) **Description** A heap-buffer-overflow flaw was found in the `cfg mark ports` function within Unbound's config file.c, which can lead to memory corruption. This issue could allow an attacker with local access to provide specially crafted input, potentially causing the application to crash or allowing arbitrary code execution. This could result in a denial of service or unauthorized actions on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Unbound (affected versions not specified) **Description** A NULL pointer dereference flaw was found in the `ub ctx set fwd` function in Unbound. This issue could allow an attacker who can invoke specific sequences of API calls to cause a segmentation fault. When certain API functions such as `ub ctx set fwd` and `ub ctx resolvconf` are called in a particular order, the program attempts to read from a NULL pointer, leading to a crash. This issue can result in a denial of service by causing the application to terminate unexpectedly. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Academy Software Foundation openexr versions 3.2.3 and earlier **Description** An issue in the convert function of exrmultipart.cpp allows a local attacker to cause a denial of service (DoS). **Recommendations** For versions 3.2.3 and earlier, consider disabling the convert function of exrmultipart.cpp as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libheif versions prior to 1.17.7 **Description** The issue is related to a memory leak in the `JpegEncoder::Encode` function, which can be exploited by an attacker to cause a denial of service attack. This flaw allows a remote attacker to disrupt service. **Recommendations** For versions prior to 1.17.7, update to version 1.17.7 or later to resolve the issue. As a temporary workaround, consider disabling the `JpegEncoder::Encode` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC versions 2.2.1 and earlier **Description** The issue is related to the `ctts box read` function in the GPAC multimedia platform, which is associated with resource release errors. This can allow a local attacker to cause a denial of service (DoS). The `ctts box read` function is located in the file `src/isomedia/box code base.c`. **Recommendations** For GPAC versions 2.2.1 and earlier, consider disabling the `ctts box read` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenImageIO oiio version 2.4.12.0 **Description** An issue in OpenImageIO oiio allows a remote attacker to execute arbitrary code and cause a denial of service via the `read rle image` function of file bifs/unquantize.c. **Recommendations** For OpenImageIO oiio version 2.4.12.0, consider disabling the `read rle image` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GPAC versions 2.2.1 and earlier **Description** The issue is related to an integer overflow in the `Q DecCoordOnUnitSphere()` function, located in the `src/bifs/unquantize.c` file of the GPAC multimedia platform. This can be exploited by a local attacker to cause a denial of service. **Recommendations** For GPAC versions 2.2.1 and earlier, as a temporary workaround, consider disabling the `Q DecCoordOnUnitSphere()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GPAC versions through 2.2.1 **Description** The issue is related to the incorrect use of dynamic memory in the `gf bifs flush command list` function of the GPAC multimedia platform. This can lead to a denial of service when exploited. The vulnerability is a use-after-free issue in the `gf bifs flush command list` function located in `bifs/memory decoder.c`. **Recommendations** For GPAC versions through 2.2.1, update to a version that fixes the use-after-free vulnerability in the `gf bifs flush command list` function. As a temporary workaround, consider restricting access to the `gf bifs flush command list` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ImageMagick version 7.1.0-4 **Description** An issue was discovered in the function ReadEnhMetaFile of coders/emf.c, which is related to a division by zero error. **Recommendations** For ImageMagick version 7.1.0-4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LibTIFF (affected versions not specified) **Description** The issue is related to a null pointer dereference in the tif dir.c file of the LibTIFF library. This may allow an attacker to cause a denial of service by passing a crafted TIFF image file to the tiffcp utility, triggering a runtime error and resulting in an application crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenImageIO versions 2.4.12.0 and before **Description** The issue is related to a buffer overflow vulnerability in the `readimg` function of the OpenImageIO library, which occurs due to unverified input data. This can allow an attacker to access sensitive information, compromise data integrity, and cause a denial of service using a specially crafted file. The vulnerability can be exploited to execute arbitrary code remotely. **Recommendations** For OpenImageIO versions 2.4.12.0 and before, consider disabling the `readimg` function until a patch is available to prevent potential exploitation. Restrict access to the library to minimize the risk of arbitrary code execution. Avoid using the library with untrusted input files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenImageIO oiio version 2.4.12.0 **Description** The issue allows a remote attacker to execute arbitrary code and cause a denial of service via the `read subimage data` function. **Recommendations** For OpenImageIO oiio version 2.4.12.0, consider disabling the `read subimage data` function until a patch is available to prevent potential exploitation.

**Name of the Vulnerable Software and Affected Versions** libtiff versions 4.x **Description** The issue is related to a flaw in the `extractImageSection` function of the libtiff library, which can cause an out-of-bounds read in memory. This can lead to a denial of service and limited information disclosure when a specially crafted TIFF file is processed. The `extractImageSection` function in `tools/tiffcrop.c` is specifically affected. **Recommendations** For libtiff versions 4.x, improved checks have been implemented to address the issue. As a temporary workaround, consider restricting the use of the `extractImageSection` function in `tools/tiffcrop.c` until the improved checks are applied. Additionally, avoid processing specially crafted TIFF files with the affected libtiff versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** jasper (affected versions not specified) **Description** A security issue exists due to a memory leak bug in the `cmdopts parse` function, which can cause a crash or segmentation fault. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WavPack version 5.4.0 **Description** A null pointer dereference bug was found in the `main()` function of the `cli/wvunpack.c` component of the WavPack audio codec. This bug allows an attacker to cause a denial of service using a specially crafted file. The issue is related to errors in pointer dereferencing. **Recommendations** For WavPack version 5.4.0, as a temporary workaround, consider disabling the `main()` function in `cli/wvunpack.c` until a patch is available. However, since this is a critical component, it is recommended to wait for an official fix from the developers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openjpeg2 version 2.4.0 **Description** A flaw was found in the opj2 decompress program in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. **Recommendations** For openjpeg2 version 2.4.0, consider updating to a newer version that addresses this issue, as the current version may lead to a denial of service when handling a large number of files in an input directory. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Patchelf version 0.9 **Description** The issue is related to an out-of-bounds read in the `modifyRPath` function at `src/patchelf.cc`. This problem can be exploited, but details about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited are not provided. The `modifyRPath` function is the key point of vulnerability. **Recommendations** For Patchelf version 0.9, as a temporary workaround, consider disabling the `modifyRPath` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.