CVE-2020-23909
Published: 18 July 2023
Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1.
Notes
| Author | Note |
|---|---|
| mdeslaur | While the CVE description mentions AdvanceMAME, advancecomp is the actual code and is provided by the AdvanceMAME project. Could not reproduce crash with focal, jammy, or lunar. Marking as deferred until a patch is available. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
advancecomp Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| upstream |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was deferred [2023-07-26])
|
|
| bionic |
Deferred
|
|
| focal |
Deferred
|
|
| jammy |
Deferred
|
|
| lunar |
Deferred
|
|
| xenial |
Deferred
|
|
| mantic |
Deferred
|
|
|
cloop Launchpad, Ubuntu, Debian |
trusty |
Ignored
(end of standard support)
|
| upstream |
Needs triage
|
|
| kinetic |
Ignored
(end of life, was deferred [2023-07-26])
|
|
| bionic |
Deferred
|
|
| focal |
Deferred
|
|
| jammy |
Deferred
|
|
| lunar |
Deferred
|
|
| xenial |
Deferred
|
|
| mantic |
Deferred
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |