CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-35018
https://notcve.org/view.php?id=CVE-2022-35018
Advancecomp v2.3 was discovered to contain a segmentation fault. Se ha detectado que Advancecomp versión v2.3, contiene un fallo de segmentación • https://drive.google.com/file/d/1ChqmPdrjId87582a-o5ogWyEI8goRVWJ/view?usp=sharing https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35018.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-35019
https://notcve.org/view.php?id=CVE-2022-35019
Advancecomp v2.3 was discovered to contain a segmentation fault. Se ha detectado que Advancecomp versión v2.3, contiene un fallo de segmentación • https://drive.google.com/file/d/1n1hltvw-kqpzZ50L6d7RGGNagwbUp0Z2/view?usp=sharing https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35019.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 2CVE-2022-35020
https://notcve.org/view.php?id=CVE-2022-35020
Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. Se ha detectado que Advancecomp versión v2.3, contiene un desbordamiento del búfer de la pila por medio del componente __interceptor_memcpy en el archivo /sanitizer_common/sanitizer_common_interceptors.inc • https://drive.google.com/file/d/1ScTmAEmHSHvmyDnELYV1DzQTAAAm7XS9/view?usp=sharing https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35020.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYG2XAL4MBS7ADGJWYRUKBLDTBJFPJER https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQHLMLFHPV5C7PTBZML6U72QT6VNEOEF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XP42AC5VPTY45QKMRL3W4G4EXIUMFXRE • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 1CVE-2019-9210 – advancecomp: integer overflow in png_compress in pngex.cc
https://notcve.org/view.php?id=CVE-2019-9210
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) En la versión 2.1 de AdvanceCOMP, png_compress en pngex.cc en advpng tiene un desbordamiento de enteros, al encontrarse con un tamaño de PNG inválido, lo que conduce a que un memcpy intente escribirse en un búfer que es demasiado pequeño. (Hay, también, una sobrelectura de búfer basada en memoria dinámica o heap). • https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R56LVWC7KUNXFRKQB3Y5NX2YHFJKYZB4 https://sourceforge.net/p/advancemame/bugs/277 https://usn.ubuntu.com/3936-1 https://usn.ubuntu.com/3936-2 https://access.redhat.com/security/cve/CVE-2019-9210 https://bugzilla.redhat.com/show_bug.cgi?id=1684596 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 2CVE-2019-8383 – advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c
https://notcve.org/view.php?id=CVE-2019-8383
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file. Fue encontrado un problema en AdvanceCOMP hasta la versión 2.1. • https://access.redhat.com/errata/RHSA-2019:2332 https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV https://research.loginsoft.com/bugs/invalid-memory-access-in-adv_png_unfilter_8-advancecomp https://sourceforge.net/p/advancemame/bugs/272 https://access.redhat.com/security/cve/CVE-2019-8383 https://bugzilla.redhat.com/show_bug.cgi?id=1708563 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •