Candidate: CVE-2019-8383
PublicDate: 2019-02-17 02:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8383
Description:
 An issue was discovered in AdvanceCOMP through 2.1. An invalid memory
 address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be
 triggered by sending a crafted file to a binary. It allows an attacker to
 cause a Denial of Service (Segmentation fault) or possibly have unspecified
 other impact when a victim opens a specially crafted file.
Ubuntu-Description:
Notes:
 mdeslaur> same commit as CVE-2019-8379
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928730
 https://sourceforge.net/p/advancemame/bugs/272/
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_advancecomp:
 upstream: https://github.com/amadvance/advancecomp/commit/78a56b21340157775be2462a19276b4d31d2bd01
upstream_advancecomp: released (2.1-2.1)
precise/esm_advancecomp: DNE
trusty_advancecomp: ignored (out of standard support)
trusty/esm_advancecomp: DNE
xenial_advancecomp: ignored (end of standard support, was needed)
esm-infra/xenial_advancecomp: needed
bionic_advancecomp: needed
focal_advancecomp: not-affected (2.1-2.1build1)
groovy_advancecomp: not-affected
hirsute_advancecomp: not-affected
impish_advancecomp: not-affected
jammy_advancecomp: not-affected
devel_advancecomp: not-affected