Zhen Zhou

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A heap use after free issue was discovered in ImageMagick's `ReplaceXmpValue()` function in MagickCore/profile.c. This issue can be exploited by an attacker who tricks a user into opening a specially crafted file, triggering a heap-use-after-free write error. This error can cause an application to crash, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ImageMagick (affected versions not specified) **Description** A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c. A local attacker could trick the user into opening a specially crafted file, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 version 0.27.3 **Description** The issue is related to an integer overflow in the `CrwMap::encode0x1810` function of Exiv2, which can be exploited by attackers to trigger a heap-based buffer overflow, causing a denial of service (DOS) via crafted metadata. This can be achieved by remotely exploiting the vulnerability with specially designed metadata. **Recommendations** For Exiv2 version 0.27.3, consider disabling the `CrwMap::encode0x1810` function as a temporary workaround until a patch is available. Restrict access to crafted metadata to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Exiv2 versions v0.27.3 and earlier **Description** The issue is related to an out-of-bounds read in the Exiv2 library, which can be triggered when writing metadata into a crafted image file. This could potentially allow a remote attacker to cause a denial of service by crashing Exiv2 if they can trick the victim into running Exiv2 on a crafted image file. The bug is less frequently triggered since it occurs during metadata writing, a less common operation than reading metadata. **Recommendations** For Exiv2 versions v0.27.3 and earlier, update to version v0.27.4 to resolve the issue. As a temporary workaround, consider avoiding the use of the metadata writing functionality in Exiv2 until the update is applied.

**Name of the Vulnerable Software and Affected Versions** VLC media player version 3.0.11 **Description** A heap-based buffer overflow issue exists in the EbmlTypeDispatcher::send function of VLC media player, which can be triggered by a crafted .mkv file. This allows attackers to potentially gain access to confidential information or cause a denial of service. **Recommendations** For version 3.0.11, consider updating to a newer version to mitigate the risk, as the current version is affected by a heap-based buffer overflow issue in the EbmlTypeDispatcher::send function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC Media Player version 3.0.11 **Description** A buffer overflow vulnerability in the ` Parse indx` component of VideoLAN VLC Media Player allows attackers to cause an out-of-bounds read via a crafted .avi file. This vulnerability is related to buffer copying without input validation, which can be exploited by a remote attacker to gain access to confidential data and cause a denial of service. **Recommendations** For version 3.0.11, consider disabling the ` Parse indx` component until a patch is available to prevent exploitation via crafted .avi files. Restrict access to .avi files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** VLC Media Player version 3.0.11 **Description** The issue is related to a NULL-pointer dereference in the `Open` function within the `avi.c` file of the VLC Media Player. This can cause a denial of service (DOS) in the application, allowing a remote attacker to disrupt service. **Recommendations** For version 3.0.11, consider disabling the `Open` function in `avi.c` as a temporary workaround until a patch is available. Restrict access to the `avi.c` component to minimize the risk of exploitation. Avoid using the `Open` function in the affected `avi.c` file until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC Media Player version 3.0.11 **Description** A buffer overflow vulnerability in the `vlc input attachment New` component allows attackers to cause an out-of-bounds read via a crafted .avi file. This can be exploited by a remote attacker to gain access to confidential data and cause a denial of service. **Recommendations** For version 3.0.11, consider updating to a newer version to mitigate the risk, as the current version is affected by the buffer overflow vulnerability in the `vlc input attachment New` component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 76.0.3809.87 **Description** The issue is caused by an integer overflow in the PDFium component, allowing a remote attacker to potentially exploit heap corruption via a crafted PDF file. This could lead to a denial of service. **Recommendations** For versions prior to 76.0.3809.87, update to version 76.0.3809.87 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 72.0.3626.81 **Description** The issue is related to the sharing of objects over calls into the JavaScript runtime in PDFium, which can lead to heap corruption. A remote attacker can potentially exploit this issue via a crafted PDF file, affecting the integrity of protected information. **Recommendations** For versions prior to 72.0.3626.81, update to version 72.0.3626.81 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 70.0.3538.67 **Description** The issue is related to the incorrect handling of PDF filter chains in PDFium, which allows a remote attacker to perform an out of bounds memory read via a crafted PDF file. This can potentially lead to the execution of arbitrary code. **Recommendations** For versions prior to 70.0.3538.67, update to version 70.0.3538.67 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 68.0.3440.75 **Description** The issue is related to a precision error in the Skia graphics engine, which can lead to an out of bounds memory write. This can be exploited by a remote attacker using a specially crafted HTML page, potentially impacting the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 68.0.3440.75, update to version 68.0.3440.75 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Android versions 6.0 through 7.1.1 **Description** The issue is caused by a buffer overflow in the Mediaserver service of the Android operating system. This can be exploited by a remote attacker using a specially crafted file to inject arbitrary code, potentially causing memory corruption during media file or data processing. The issue affects the libhevc library and is considered critical due to the possibility of remote code execution within the context of the Mediaserver process. **Recommendations** For Android versions 6.0 through 7.1.1, update to a version that contains a fix for this issue to prevent potential memory corruption and arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.