Yuqing Zhang

**Name of the Vulnerable Software and Affected Versions** Axiomatic Bento4 versions up to 1.6.0-641 **Description** A problematic issue exists in the `mp4decrypt` component, specifically within the `AP4 DataBuffer::SetDataSize` function of the `Mp4Decrypt.cpp` file. This issue leads to resource allocation. The attack can be launched remotely, but is considered difficult to exploit. The exploit has been publicly disclosed. **Recommendations** Update to a version of Axiomatic Bento4 newer than 1.6.0-641.

**Name of the Vulnerable Software and Affected Versions** GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb **Description** A vulnerability was found in GNU PSPP, affecting the `calloc` function in the `pspp-convert.c` file. The manipulation of the argument `-l` leads to integer overflow. Local access is required to approach this attack. **Recommendations** For GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb, as a temporary workaround, consider restricting access to the `pspp-convert.c` file and avoiding the use of the `-l` argument until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** GNU cflow versions up to 1.8 **Description** A problematic issue exists in GNU cflow due to a null pointer dereference in the `yylex` function within the `c.c` file of the Lexer component. This issue can be exploited locally. The exploit has been publicly disclosed. **Recommendations** Update to a version beyond 1.8.

**Name of the Vulnerable Software and Affected Versions** GNU cflow versions up to 1.8 **Description** A critical vulnerability exists in GNU cflow up to version 1.8. The issue is located in the `yylex` function within the `c.c` file of the Lexer component and leads to a buffer overflow. Local access is required for exploitation. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** appneta tcpreplay version 4.5.1 **Description** A security issue has been identified in the `calc sleep time` function within the `send packets.c` file. Manipulation of this function can lead to a divide by zero error. Exploitation requires local access. The exploit has been publicly disclosed. **Recommendations** Upgrade to version 4.5.3-beta3 to address the issue. Upgrade the affected component.

**Name of the Vulnerable Software and Affected Versions** GNU Bison versions through 3.8.2 **Description** A problematic issue exists in GNU Bison due to a double free in the `code free()` function located in the `src/scan-code.c` file. This issue requires local access for exploitation. The exploit details have been publicly disclosed. **Recommendations** Update to a version beyond 3.8.2. As a temporary workaround, consider restricting access to the `code free()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** GNU Bison versions up to 3.8.2 **Description** A problematic issue was found in GNU Bison affecting the ` obstack vprintf internal` function within the `obprintf.c` file. The manipulation leads to a reachable assertion. The exploit has been publicly disclosed. **Recommendations** Update to a version beyond 3.8.2.