CVE-2019-8383
advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
Fue encontrado un problema en AdvanceCOMP hasta la versión 2.1. Se presenta una dirección de memoria no válida en la función adv_png_unfilter_8 en lib/png.c. Puede ser activada enviando un archivo creado hacia un binario. Permite a un atacante generar una Denegación de Servicio (DoS) (fallo de Segmentación) o posiblemente tener otro impacto no especificado cuando una víctima abre un archivo especialmente creado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-02-16 CVE Reserved
- 2019-02-17 CVE Published
- 2024-02-11 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://research.loginsoft.com/bugs/invalid-memory-access-in-adv_png_unfilter_8-advancecomp | 2024-08-04 | |
https://sourceforge.net/p/advancemame/bugs/272 | 2024-08-04 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Advancemame Search vendor "Advancemame" | Advancecomp Search vendor "Advancemame" for product "Advancecomp" | <= 2.1 Search vendor "Advancemame" for product "Advancecomp" and version " <= 2.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 30 Search vendor "Fedoraproject" for product "Fedora" and version "30" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" | 7.0 Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0" | - |
Affected
|