Candidate: CVE-2018-12601
PublicDate: 2018-06-20 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12601
 https://github.com/pts/sam2p/issues/41
Description:
 There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.
Ubuntu-Description:
 It was discovered that Sam2p incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_sam2p:
upstream_sam2p: released (0.49.2-3+deb8u3)
precise/esm_sam2p: DNE
trusty_sam2p: released (0.49.2-3+deb8u3build0.14.04.1)
trusty/esm_sam2p: DNE (trusty was released [0.49.2-3+deb8u3build0.14.04.1])
xenial_sam2p: released (0.49.2-3+deb8u3build0.16.04.1)
artful_sam2p: DNE
bionic_sam2p: DNE
devel_sam2p: DNE