CVE-2018-1056
Published: 8 February 2018
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.
Notes
| Author | Note |
|---|---|
| ratliff | w/o ASAN errors out on trusty, segfaults on xenial |
Priority
CVSS 3 base score: 7.8
Status
| Package | Release | Status |
|---|---|---|
|
advancecomp Launchpad, Ubuntu, Debian |
upstream |
Released
(2.1-1)
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was released [1.18-1ubuntu0.1])
|
|
| xenial |
Released
(1.20-1ubuntu0.1)
|
|
| artful |
Released
(2.0-1ubuntu0.1)
|
|
|
Patches: upstream: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5 |
||