Zodf0055980

Name of the Vulnerable Software and Affected Versions: LibreDWG version 0.12.3 Description: The issue is related to a NULL pointer dereference in the out dxfb.c file. This indicates a problem where the software attempts to access memory through a pointer that has a null or invalid value, which can lead to crashes or potentially allow an attacker to execute arbitrary code. Recommendations: For LibreDWG version 0.12.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: LibreDWG version 0.12.3 Description: The issue is related to a heap-buffer overflow that can occur via the `decode preR13` function. This is a general information about the problem, and no specific details about the estimated number of potentially affected devices or real-world incidents are provided. Recommendations: For LibreDWG version 0.12.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** jasper versions prior to 2.0.23 **Description** The issue is related to a flaw in jasper's jpc encoder. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write, potentially affecting data confidentiality, integrity, or application availability. **Recommendations** For versions prior to 2.0.23, update to version 2.0.23 or later to resolve the issue. As a temporary workaround, consider restricting the input to the jpc encoder to prevent crafted input from causing an arbitrary out-of-bounds write.

**Name of the Vulnerable Software and Affected Versions** libjpeg-turbo (affected versions not specified) **Description** The issue is related to a null pointer dereference in the `jcopy sample rows()` function of the libjpeg-turbo library. This can be triggered by a crafted input file, potentially allowing an attacker to cause a denial of service using a specially created file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openjpeg2 (affected versions not specified) **Description** A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. This issue could allow an attacker to cause an application crash or, in some cases, execute arbitrary code with the permission of the user running the application. The vulnerability can also be exploited by a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.