Zhouan

**Name of the Vulnerable Software and Affected Versions** AdvanceMAME versions through 2.1 **Description** The issue is a heap-based buffer over-read in the `png convert 4` function, located in the `pngex.cc` file. This occurs in AdvanceMAME. **Recommendations** For AdvanceMAME versions through 2.1, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gocr versions 0.53-20200802 **Description** A stack-based buffer overflow issue was found in the `measure pitch()` function in `pgm2asc.c`. This issue can potentially be exploited. **Recommendations** For gocr versions 0.53-20200802, as a temporary workaround, consider disabling the `measure pitch()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gocr versions through 0.53-20200802 **Description** An use-after-free issue was discovered in the `context correction()` function in `pgm2asc.c`. This issue can be exploited due to incorrect handling of memory, potentially leading to unintended behavior or crashes. **Recommendations** For gocr versions through 0.53-20200802, as a temporary workaround, consider restricting access to the `context correction()` function in `pgm2asc.c` until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** gocr versions 0.53 through 0.53-20200802 **Description** A stack-based buffer overflow issue was found in the try to divide boxes() function in pgm2asc.c. This issue can potentially be exploited. **Recommendations** For gocr versions 0.53 through 0.53-20200802, as a temporary workaround, consider disabling the try to divide boxes() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** fig2dev versions prior to 3.2.8 **Description** An issue exists in the compute closed spline() function located in trans spline.c, which allows an attacker to cause Denial of Service due to a NULL pointer dereference. This issue can be exploited by a remote attacker. **Recommendations** For versions prior to 3.2.8, update to version 3.2.8 to resolve the issue. As a temporary workaround, consider disabling the compute closed spline() function until a patch is available.

Name of the Vulnerable Software and Affected Versions: giflib versions 5.1.4 and earlier Description: An issue was discovered in the giflib library, where the DumpScreen2RGB function in gif2rgb.c has a heap-based buffer over-read. Recommendations: For giflib versions 5.1.4 and earlier, update to a version later than 5.1.4 to resolve the issue.