CVE-2019-9210

Published: 27 February 2019

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

Priority

CVSS 3 base score: 7.8

Status

Package	Release	Status
advancecomp Launchpad, Ubuntu, Debian	bionic	Released (2.1-1ubuntu0.18.04.1)
	cosmic	Released (2.1-1ubuntu0.18.10.1)
	disco	Released (2.1-1ubuntu0.19.04.1)
	precise	Does not exist
	trusty	Does not exist (trusty was released [1.18-1ubuntu0.2])
	upstream	Needs triage
	xenial	Released (1.20-1ubuntu0.2)
	Patches: upstream: https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9210
https://ubuntu.com/security/notices/USN-3936-1
https://ubuntu.com/security/notices/USN-3936-2
NVD
Launchpad
Debian

Bugs

https://sourceforge.net/p/advancemame/bugs/277/
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923416

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›