Xqx

Name of the Vulnerable Software and Affected Versions: GEGL versions prior to 0.3.32 babl version 0.1.46 Description: An issue in GEGL and babl allows remote attackers to cause a denial of service or possibly have other unspecified impacts via a malformed PNG file. This occurs during a call to the `babl format get bytes per pixel` function in `babl-format.c` when the `gegl tile backend swap constructed` function in `gegl-tile-backend-swap.c` mishandles the file. Recommendations: For GEGL versions prior to 0.3.32, update to a version newer than 0.3.32 to resolve the issue. For babl version 0.1.46, consider restricting the use of the `babl format get bytes per pixel` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: GEGL versions prior to 0.3.32 Description: An issue in the gegl buffer iterate read simple function allows remote attackers to cause a denial of service or possibly have other impact via a malformed PPM file. This is related to improper restrictions on memory allocation in the ppm load read header function. Recommendations: For GEGL versions prior to 0.3.32, update to version 0.3.32 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ppm load read header function in operations/external/ppm-load.c to minimize the risk of exploitation. Avoid using the gegl buffer iterate read simple function in buffer/gegl-buffer-access.c with untrusted PPM files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibTIFF (affected versions not specified) **Description** The issue is related to a null pointer dereference in the TIFFPrintDirectory function (tif print.c) of the LibTIFF library. Exploitation of this issue may allow a remote attacker to cause a partial denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libdwarf versions 20151114 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a NULL pointer dereference and crash. This can be achieved via a debug abbrev section marked NOBITS in an ELF file. **Recommendations** For libdwarf versions 20151114 and earlier, consider updating to a version later than 20151114 to resolve the issue. As a temporary workaround, restrict the processing of ELF files with a debug abbrev section marked NOBITS to minimize the risk of exploitation.