# IDA 9.3sp2 This Service Pack of IDA 9.3 is a focused security release, addressing a set of externally reported vulnerabilities in the loaders, the command-line tools, and the Clang-based type parser. Following up on these reports, we also audited the surrounding code and fixed 10 additional internally discovered issues, listed below as general security and stability updates. You can download the latest IDA installer from [My Hex-Rays portal](https://my.hex-rays.com/dashboard/download-center/). We'd like to thank the researchers who reported these issues through responsible disclosure. See our bug bounty program at [hex-rays.com/bug-bounty](https://hex-rays.com/bug-bounty). ## Complete list of bugfixes: * BUGFIX: wasm: heap buffer overflow in the wasm loader when reading malformed LEB128 values in the function/import sections (reported by Milánek, Gen) * BUGFIX: tools: multiple heap corruption and out-of-bounds bugs in `zipids`, `pcf` and `ptmobj` when parsing crafted input files (reported by Dell Security Assurance) * BUGFIX: idaclang: argument injection in `CLANG_ARGV` could lead to arbitrary code execution when opening a malicious database (reported by Lam Jun Rong of Calif.io) * BUGFIX: various security and stability updates (10 additional issues found during follow-up investigation) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.hex-rays.com/release-notes/9_3sp2.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.