CVE-2018-1056

Published: 08 February 2018

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

Priority

Medium

CVSS 3 base score: 7.8

Status

Package Release Status
advancecomp
Launchpad, Ubuntu, Debian
Upstream
Released (2.1-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1.20-1ubuntu0.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.18-1ubuntu0.1])
Patches:
Upstream: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5