Based on the provided image, I need to extract key information about the vulnerability and summarize it in Chinese Markdown.

1. Vulnerability Overview (漏洞概述):
   - Title: Heap information disclosure (LURDELA_R24 decompression via unchecked decompressed size (undo_xpr24_impl))
   - Description: The function  in  fails to verify the actual decompressed size against the expected size. This leads to a heap information disclosure.
   - Mechanism:  calls . If the decompressed size exceeds the expected size,  returns an error. However,  ignores this error and returns success. This causes the decompressor to write uninitialized heap memory into the output buffer.
   - Severity: Critical (CVSS 9.8).

2. Affected Component (影响范围):
   - Package: openen
   - Affected versions: 3.4.0-3.4.7
   - Fixed version: 3.4.8
   - Specific files:  (line 199),  (line 200)

3. PoC (Proof of Concept):
   - The page provides a specific PoC involving a crafted file .
   - Steps: 1.  2.  3.  4.  5.
   - Output: the output shows "UNEXPECTED CONTENT - uninitialized heap data in file output", confirming the leak.

4. Impact (影响):
   - Sensitive information from heap memory may be leaked through the decompressed data.
   - Triggers a memory corruption bug (heap overflow) if the buffer is large enough.

5. Fix (修复方案):
   - Upgrade to version 3.4.8 or later.
   - The fix involves verifying the decompressed size against the expected size before returning success.

Now, I will structure this into the requested Markdown format.

Vulnerability summary: Heap information disclosure (LURDELA_R24 decompression via unchecked decompressed size)

## Overview

This vulnerability exists in the  function of the  package. When that function calls  to decompress, it fails to properly verify that the actual decompressed data size matches the expected size.

Mechanism: if the decompressed data size exceeds the expected size,  returns an error. However,  ignores that error and returns success. This causes the decompressor to write uninitialized heap memory into the output buffer, resulting in a heap information disclosure.

Severity: Critical (CVSS 9.8)

## Affected scope

- Affected component: 
- Affected versions: 3.4.0 - 3.4.7
- Fixed version: 3.4.8
- Affected files:  (line 199),  (line 200)

## Fix

Upgrade  to 3.4.8 or later.

Fix logic: in , before returning success, verify that the actual decompressed data size is less than or equal to the expected size.

## PoC (Proof of Concept)

The complete PoC steps and code provided on the page are as follows:

PoC output example:
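To make the mechanism concrete, the following is an added C example, not code from the page or from the affected package: a stand-in inner decoder reports an error when the decoded size would exceed the expected size, `undo_vulnerable` ignores that status (the pattern described above), and `undo_fixed` checks both the status and the written size. All function and enum names are assumptions, and the input and the 0xAA "stale heap" fill are constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
typedef enum { DEC_OK = 0, DEC_ERR_SIZE = 1 } dec_status;
/* Stand-in inner decoder (all names here are assumptions, not the project's identifiers):
 * never writes past `expected`, reports DEC_ERR_SIZE instead; input is constructed (run, byte) pairs. */
static dec_status inner_decode(const uint8_t *in, size_t in_len, uint8_t *out,
                               size_t expected, size_t *written)
{
    size_t pos = 0;
    for (size_t i = 0; i + 1 < in_len; i += 2) {
        size_t run = in[i];
        if (pos + run > expected) { *written = pos; return DEC_ERR_SIZE; }
        memset(out + pos, in[i + 1], run);
        pos += run;
    }
    *written = pos;
    return DEC_OK;
}
/* Vulnerable shape: the inner status is discarded and success is returned, so whatever
 * the heap buffer already held is passed back to the caller as "decoded" data. */
int undo_vulnerable(const uint8_t *in, size_t in_len, uint8_t *out, size_t expected)
{
    size_t written;
    (void)inner_decode(in, in_len, out, expected, &written);
    return 0;
}
/* Fixed shape: fail unless the decoder succeeded and filled exactly `expected` bytes. */
int undo_fixed(const uint8_t *in, size_t in_len, uint8_t *out, size_t expected)
{
    size_t written;
    if (inner_decode(in, in_len, out, expected, &written) != DEC_OK) return -1;
    return written == expected ? 0 : -1;
}
/* Harness: heap buffer pre-filled with 0xAA stands in for stale data from an earlier
 * allocation; returns how many stale bytes came back as output, or -1 if rejected. */
int stale_bytes_returned(int use_fixed)
{
    const uint8_t crafted[] = { 8, 0x11, 200, 0x22 }; /* constructed: second run overshoots */
    const size_t expected = 12;
    uint8_t *out = malloc(expected);
    if (!out) return -1;
    memset(out, 0xAA, expected);
    int stale = 0, rc = use_fixed ? undo_fixed(crafted, sizeof crafted, out, expected)
                                  : undo_vulnerable(crafted, sizeof crafted, out, expected);
    for (size_t i = 0; rc == 0 && i < expected; i++) stale += (out[i] == 0xAA);
    free(out);
    return rc == 0 ? stale : -1;
}
```

With the vulnerable shape, four of the twelve output bytes are the pre-existing buffer contents, which is the "uninitialized heap data in file output" the PoC output reports; the fixed shape rejects the input instead.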