CVE-2020-23909
Published: 18 July 2023
Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1.
Notes
| Author | Note |
|---|---|
| mdeslaur | While the CVE description mentions AdvanceMAME, advancecomp is the actual code and is provided by the AdvanceMAME project. Could not reproduce crash with focal, jammy, or lunar. Marking as deferred until a patch is available. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
advancecomp Launchpad, Ubuntu, Debian |
bionic |
Deferred
|
| focal |
Deferred
|
|
| jammy |
Deferred
|
|
| kinetic |
Ignored
(end of life, was deferred [2023-07-26])
|
|
| lunar |
Ignored
(end of life, was deferred)
|
|
| mantic |
Deferred
|
|
| noble |
Deferred
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Deferred
|
|
|
cloop Launchpad, Ubuntu, Debian |
bionic |
Deferred
|
| focal |
Deferred
|
|
| jammy |
Deferred
|
|
| kinetic |
Ignored
(end of life, was deferred [2023-07-26])
|
|
| lunar |
Ignored
(end of life, was deferred)
|
|
| mantic |
Deferred
|
|
| noble |
Deferred
|
|
| trusty |
Ignored
(end of standard support)
|
|
| upstream |
Needs triage
|
|
| xenial |
Deferred
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |