Zubin Mithra

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out-of-bounds read in the uvcvideo component of the Linux kernel. This occurs when the index provided by the user is bigger than the mask size. The exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android (affected versions not specified) **Description** A buffer overflow issue exists in a WLAN function of the Android operating system due to an incorrect message length. This issue can potentially allow a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.18 **Description** The issue is related to insufficient access control in the Qualcomm Seemp driver component of the Android operating system. It may allow a remote attacker to execute arbitrary code. This is an elevation of privilege issue that could enable a local malicious application to execute arbitrary code within the context of the kernel, but it first requires compromising a privileged process. **Recommendations** For Android version Kernel-3.18, consider restricting access to the Qualcomm Seemp driver to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TagLib versions prior to 1.7.1 **Description** The issue concerns multiple vulnerabilities in the TagLib package that can lead to a denial of service, causing disruption to protected information. Exploitation of these vulnerabilities can be done remotely. Specifically, the `analyzeCurrent` function in `ape/apeproperties.cpp` allows context-dependent attackers to cause an application crash via a crafted `sampleRate` in an ape file, triggering a divide-by-zero error. **Recommendations** For versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `analyzeCurrent` function in `ape/apeproperties.cpp` until a patch is available. Restrict access to ape files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** TagLib versions prior to 1.7.1 Gentoo Linux (affected versions not specified) **Description** The issue concerns multiple vulnerabilities in the TagLib package that can lead to a denial of service, causing disruption to protected information. Exploitation can be done remotely. Specifically, an integer overflow in the `mid` function in `toolkit/tbytevector.cpp` in TagLib 1.7 and earlier allows attackers to cause an application crash via a crafted file header field in a media file, triggering a large memory allocation. **Recommendations** For TagLib versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. For Gentoo Linux, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TagLib versions prior to 1.7.1 **Description** The issue concerns multiple vulnerabilities in the TagLib package that can lead to a disruption of protected information availability. These vulnerabilities can be exploited remotely. Specifically, the `parse` function in `ogg/xiphcomment.cpp` in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted `vendorLength` field in an ogg file. **Recommendations** For TagLib versions prior to 1.7.1, update to version 1.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to ogg files or disabling the `parse` function in `ogg/xiphcomment.cpp` until a patch is available. Avoid using the `vendorLength` field in ogg files until the issue is resolved.