
Yanhao

#16185 of 53,624
16.6 Total CVSS
Vulnerabilities · 2
High
2
PT-2021-11890
7.8
2021-04-21
Gpac · Gpac · CVE-2020-35979
**Name of the Vulnerable Software and Affected Versions** GPAC versions 0.8.0 through 1.0.1

**Description** A heap-based buffer overflow issue exists in the `gp_rtp_builder_do_avc()` function, located in the `ietf/rtp_pck_mpeg4.c` file.

**Recommendations** For GPAC version 0.8.0, update to a version that fixes the issue. For GPAC version 1.0.1, update to a version that fixes the issue. As a temporary workaround, consider disabling the `gp_rtp_builder_do_avc()` function until a patch is available.
PT-2018-12946
8.8
2018-08-08
Libtiff · Libtiff · CVE-2018-15209
**Name of the Vulnerable Software and Affected Versions** LibTIFF version 4.0.9

**Description** The issue allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have other unspecified impacts via a crafted TIFF file. This can be demonstrated using `tiff2pdf`.

**Recommendations** For LibTIFF version 4.0.9, update to a version that fixes the issue in the `ChopUpSingleUncompressedStrip` function in `tif_dirread.c` to prevent a heap-based buffer overflow and application crash. As a temporary workaround, consider restricting the processing of crafted TIFF files to minimize the risk of exploitation.