Candidate: CVE-2019-8379
PublicDate: 2019-02-17 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8379
Description:
 An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer
 dereference exists in the function be_uint32_read() located in endianrw.h.
 It can be triggered by sending a crafted file to a binary. It allows an
 attacker to cause a Denial of Service (Segmentation fault) or possibly have
 unspecified other impact when a victim opens a specially crafted file.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928729
 https://sourceforge.net/p/advancemame/bugs/271/
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_advancecomp:
 upstream: https://github.com/amadvance/advancecomp/commit/7894a6e684ce68ddff9f4f4919ab8e3911ac8040
upstream_advancecomp: released (2.1-2.1)
precise/esm_advancecomp: DNE
trusty_advancecomp: ignored (out of standard support)
trusty/esm_advancecomp: DNE
xenial_advancecomp: ignored (end of standard support, was needed)
esm-infra/xenial_advancecomp: needed
bionic_advancecomp: needed
focal_advancecomp: not-affected (2.1-2.1build1)
groovy_advancecomp: not-affected
hirsute_advancecomp: not-affected
impish_advancecomp: not-affected
jammy_advancecomp: not-affected
devel_advancecomp: not-affected