From this GitHub issue screenshot, the following key information about the vulnerabilities can be extracted:

Vulnerability Type: These are fuzzing related bugs as indicated by the label "fuzzing".

Bug Details:
- BUG1:
  - Type: Segmentation fault (SEGV)
  - Cause: READ memory access violation in function due to invalid auxiliary header address (auxheader_address).
  - Location:
- BUG2:
  - Type: Heap buffer overflow
  - Cause: The first fix was incomplete, leading to another PoC ( ) causing an overflow.
  - Location: in function, and another in function.

Environment:
- Ubuntu 20.04
- GCC 9.4.0
- Using the latest commit of (commit 77a85b6).

Steps to Reproduce:
- Compile with a specific configuration ( ).
- POCs are provided ( and ).

Status:
- The issue was initially closed after fixes ( , , , and , ), but then reopened due to incomplete fixes and closed again ( ) after addressing the remaining issues.

Credit:
- Reported by Han Zheng (NCNIPC of China, Hexhive).

Comments and Actions:
- Initial report by on March 29, 2023.
- The issue was assigned and managed by , who also committed fixes.
- Issue was closed on March 30, 2023 and re-opened then closed again on April 4, 2023.