Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-9210

Published: 27 February 2019

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

Priority

Medium

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package Release Status
advancecomp
Launchpad, Ubuntu, Debian
upstream Needs triage

trusty
Released (1.18-1ubuntu0.2)
xenial
Released (1.20-1ubuntu0.2)
bionic
Released (2.1-1ubuntu0.18.04.1)
cosmic
Released (2.1-1ubuntu0.18.10.1)
disco
Released (2.1-1ubuntu0.19.04.1)
Patches:
upstream: https://github.com/amadvance/advancecomp/commit/fcf71a89265c78fc26243574dda3a872574a5c02

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H