Yuhang Huang

**Name of the Vulnerable Software and Affected Versions** libtiff (affected versions not specified) **Description** The issue is related to a heap buffer overflow in the libtiff library when processing the `TIFFTAG INKNAMES` and `TIFFTAG NUMBEROFINKS` parameters. This can lead to a denial of service or potentially allow an attacker to execute arbitrary code, causing unexpected application termination. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axiomatic Bento4 (affected versions not specified) **Description** A problematic issue has been found, affecting the `AP4 File::AP4 File` function of the `Mp42Hevc.cpp` file in the `mp42hevc` component. This issue leads to denial of service and can be initiated remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Axiomatic Bento4 (affected versions not specified) **Description** A problematic issue was found, affecting the `ParseCommandLine` function of the `Mp4Tag/Mp4Tag.cpp` file in the `mp4tag` component. This issue leads to denial of service and can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** A memory leak was discovered in the AP4 AvcFrameParser::Feed function in mp4mux. **Recommendations** For Bento4 version 1.6.0-639, consider updating to a newer version that contains a fix for this issue, although at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue was discovered in the function `AP4 DataBuffer::ReallocateBuffer` in `Core/Ap4DataBuffer.cpp`, which leads to excessive memory consumption. **Recommendations** For Bento4 version 1.6.0-639, consider applying a patch or fix to the `AP4 DataBuffer::ReallocateBuffer` function to prevent excessive memory consumption. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** A memory leak issue exists in the `AP4 StdcFileByteStream::Create` function, specifically in the `System/StdC/Ap4StdCFileByteStream.cpp` file. This issue can lead to memory exhaustion if exploited. **Recommendations** For Bento4 version 1.6.0-639, consider restricting access to the `AP4 StdcFileByteStream::Create` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 versions through 1.6.0-639 **Description** A NULL pointer dereference issue occurs in the `AP4 File::ParseStream` function, located in `Core/Ap4File.cpp`, which is called from `AP4 File::AP4 File`. **Recommendations** For versions through 1.6.0-639, consider updating to a version that fixes this issue, as no specific mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Xpdf version 4.04 **Description** An issue was discovered that causes a crash in the `gfseek( IO FILE*, long, int)` function in the `goo/gfile.cc` file. **Recommendations** For Xpdf version 4.04, as a temporary workaround, consider disabling the `gfseek()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue in Bento4 leads to excessive memory consumption in the `AP4 Array<AP4 ElstEntry>::EnsureCapacity` function, located in Core/Ap4Array.h. **Recommendations** For Bento4 version 1.6.0-639, consider applying a patch or fix that addresses the excessive memory consumption issue in the `AP4 Array<AP4 ElstEntry>::EnsureCapacity` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Bento4 version 1.6.0-639 **Description** An issue was discovered in Bento4, where there is excessive memory consumption in `AP4 CttsAtom::Create` in `Core/Ap4CttsAtom.cpp`. **Recommendations** For Bento4 version 1.6.0-639, consider restricting the use of the `AP4 CttsAtom::Create` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Bento4 versions 1.6.0-639 and earlier **Description** An issue was discovered that leads to a NULL pointer dereference in `AP4 DescriptorListWriter::Action` in Core/Ap4Descriptor.h. This issue is called from `AP4 EsDescriptor::WriteFields` and `AP4 Expandable::Write`. **Recommendations** For Bento4 versions 1.6.0-639 and earlier, consider disabling the `AP4 DescriptorListWriter::Action` function as a temporary workaround until a patch is available. Restrict access to the `Core/Ap4Descriptor.h` module to minimize the risk of exploitation. Avoid using the affected functions `AP4 EsDescriptor::WriteFields` and `AP4 Expandable::Write` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Bento4 versions 1.6.0-639 and earlier **Description** A buffer over-read issue exists in the function `AP4 StdcFileByteStream::WritePartial` located in `System/StdC/Ap4StdCFileByteStream.cpp`, which is called from `AP4 ByteStream::Write` and `AP4 HdlrAtom::WriteFields`. **Recommendations** For Bento4 versions 1.6.0-639 and earlier, as a temporary workaround, consider restricting the use of the `AP4 StdcFileByteStream::WritePartial` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.