Candidate: CVE-2018-7487
PublicDate: 2018-02-26 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7487
 https://github.com/pts/sam2p/issues/18
Description:
 There is a heap-based buffer overflow in the LoadPCX function of in_pcx.cpp
 in sam2p 0.49.4. A Crafted input will lead to a denial of service or
 possibly unspecified other impact.
Ubuntu-Description:
 It was discovered that Sam2p incorrectly handled certain image files.
 An attacker could possibly use this issue to cause a denial of service
 or other unspecified impact.
Notes:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_sam2p:
upstream_sam2p: released (0.49.2-3+deb8u2)
precise/esm_sam2p: DNE
trusty_sam2p: released (0.49.2-3+deb8u3build0.14.04.1)
trusty/esm_sam2p: DNE (trusty was released [0.49.2-3+deb8u3build0.14.04.1])

xenial_sam2p: released (0.49.2-3+deb8u3build0.16.04.1)
artful_sam2p: DNE
bionic_sam2p: DNE
devel_sam2p: DNE