MidnightBSD

Advisories for advancemame

CVE-2018-1056 MEDIUM

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-122,CWE-125,

Products Affected

Vendor Product Version
debian debian_linux 7.0
debian debian_linux 8.0
canonical ubuntu_linux 17.10
canonical ubuntu_linux 14.04
advancemame advancecomp *
canonical ubuntu_linux 16.04
debian debian_linux 9.0
CVE-2019-8379 MEDIUM

An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
fedoraproject fedora 35
advancemame advancecomp *
redhat enterprise_linux_for_power_little_endian 7.0
debian debian_linux 9.0
redhat enterprise_linux_workstation 7.0
CVE-2019-8383 MEDIUM

An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
advancemame advancecomp *
fedoraproject fedora 30
redhat enterprise_linux_for_power_little_endian 7.0
debian debian_linux 9.0
redhat enterprise_linux_workstation 7.0
CVE-2019-9210 MEDIUM

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-190,

Products Affected

Vendor Product Version
debian debian_linux 8.0
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
advancemame advancecomp 2.1
canonical ubuntu_linux 16.04
fedoraproject fedora 30
canonical ubuntu_linux 19.04
debian debian_linux 9.0
canonical ubuntu_linux 18.04
CVE-2020-23909

Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1.

Products Affected

Vendor Product Version
advancemame advancemame *
CVE-2022-35014

Advancecomp v2.3 contains a segmentation fault.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
advancemame advancecomp 2.3
fedoraproject fedora 36
CVE-2022-35015

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
advancemame advancecomp 2.3
fedoraproject fedora 36
CVE-2022-35016

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
advancemame advancecomp 2.3
fedoraproject fedora 36
CVE-2022-35017

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
advancemame advancecomp 2.3
fedoraproject fedora 36
CVE-2022-35018

Advancecomp v2.3 was discovered to contain a segmentation fault.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
advancemame advancecomp 2.3
fedoraproject fedora 36
CVE-2022-35019

Advancecomp v2.3 was discovered to contain a segmentation fault.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
advancemame advancecomp 2.3
fedoraproject fedora 36
CVE-2022-35020

Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.

Products Affected

Vendor Product Version
fedoraproject fedora 37
fedoraproject fedora 35
advancemame advancecomp 2.3
fedoraproject fedora 36
CVE-2023-2961

A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.

Products Affected

Vendor Product Version
advancemame advancecomp *