Yangjiageng

**Name of the Vulnerable Software and Affected Versions** libeconf versions prior to 0.5.2 **Description** A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to Denial of Service (DoS) via malformed config files. **Recommendations** For versions prior to 0.5.2, update to version 0.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to malformed config files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libsolv versions prior to 13 Dec 2020 **Description** The issue is related to two heap-overflow vulnerabilities in the `decisionmap` variable via the `resolve dependencies` function at `src/solver.c` (line 1940 and line 1995), which could cause a remote Denial of Service. This vulnerability is associated with a buffer overflow in memory, allowing a remote attacker to cause a service disruption. **Recommendations** For versions prior to 13 Dec 2020, as a temporary workaround, consider disabling the `resolve dependencies` function until a patch is available. Restrict access to the `decisionmap` variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LibreDWG version 0.10.1 Description: A heap-based buffer overflow issue exists via the `read system page` function, which can cause a denial of service by submitting a dwg file. Recommendations: For LibreDWG version 0.10.1, consider disabling the `read system page` function as a temporary workaround until a patch is available.

Name of the Vulnerable Software and Affected Versions: ffjpeg versions prior to 2020-07-02 Description: A stack-based buffer overflow issue exists in the `jfif decode(void *ctxt, BMP *pb)` function, which could cause a denial of service by submitting a malicious jpeg image. The issue is related to the `jfif decode` function at `ffjpeg/src/jfif.c:513:28`. Recommendations: For ffjpeg versions prior to 2020-07-02, as a temporary workaround, consider disabling the `jfif decode` function until a patch is available. Restrict access to handling jpeg images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ffjpeg versions through 2020-07-02 **Description** A heap-based buffer overflow issue exists in the `jfif decode()` function at `ffjpeg/src/jfif.c` (line 544 and line 545), which could cause a denial of service by submitting a malicious jpeg image. This issue is related to the `jfif decode(void *ctxt, BMP *pb)` function and may allow an attacker to cause a service disruption. **Recommendations** For versions through 2020-07-02, consider disabling the `jfif decode()` function as a temporary workaround until a patch is available. Restrict access to the `jfif.c` module to minimize the risk of exploitation. Avoid using the `jfif decode()` function in the affected `ffjpeg` library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libsolv versions prior to 0.7.17 **Description** The issue is related to a buffer overflow vulnerability in the `pool disabled solvable` function in the `src/repo.h` component of the libsolv library. This vulnerability allows attackers to cause a Denial of Service. **Recommendations** For versions prior to 0.7.17, update to version 0.7.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the `pool disabled solvable` function in the `src/repo.h` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsolv versions prior to 0.7.17 **Description** The issue is related to a buffer overflow vulnerability in the `prune to recommended` function in `src/policy.c` of the libsolv library. This vulnerability allows attackers to cause a Denial of Service. **Recommendations** For versions prior to 0.7.17, update to version 0.7.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the `prune to recommended` function in `src/policy.c` until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsolv versions prior to 0.7.17 **Description** The issue is related to a buffer overflow vulnerability in the `pool installable whatprovides` function in the `src/repo.h` component of the libsolv library. This vulnerability allows attackers to cause a Denial of Service. **Recommendations** For versions prior to 0.7.17, update to version 0.7.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the `pool installable whatprovides` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** libsolv versions prior to 0.7.17 **Description** The issue is related to a buffer overflow vulnerability in the `pool installable` function of the `src/repo.h` component in the Libsolv library. This vulnerability can be exploited by a remote attacker to cause a Denial of Service. **Recommendations** For versions prior to 0.7.17, update to version 0.7.17 or later to resolve the issue. As a temporary workaround, consider restricting access to the `pool installable` function in the `src/repo.h` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ffjpeg versions prior to 2020-02-24 **Description** The issue is a heap-based buffer overflow in the `jfif decode` function located in `jfif.c`. **Recommendations** For versions prior to 2020-02-24, update to a version released after 2020-02-24 to resolve the issue.