Home

CVE-2019-9210

Description

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.434

Associated Vulnerability

VulnerabilityOS Platform
collection of recompression utilities (USN-3936-1) advancecomp_1.18-1ubuntu0.2_i386.debLinux
collection of recompression utilities (USN-3936-1) advancecomp_1.18-1ubuntu0.2_amd64.debLinux
collection of recompression utilities (USN-3936-1) advancecomp_1.20-1ubuntu0.2_i386.debLinux
collection of recompression utilities (USN-3936-1) advancecomp_1.20-1ubuntu0.2_amd64.debLinux
collection of recompression utilities (USN-3936-1) advancecomp_2.1-1ubuntu0.18.04.1_i386.debLinux
collection of recompression utilities (USN-3936-1) advancecomp_2.1-1ubuntu0.18.04.1_amd64.debLinux
collection of recompression utilities (USN-3936-1) advancecomp_2.1-1ubuntu0.18.10.1_i386.debLinux
collection of recompression utilities (USN-3936-1) advancecomp_2.1-1ubuntu0.18.10.1_amd64.debLinux
(RHSA-2020:1037) advancecomp security update advancecomp-1.15-22.el7.x86_64.rpmLinux
(CESA-2020:1037) advancecomp security update advancecomp-1.15-22.el7.x86_64.rpmLinux
(RHSA-2020:1037)Moderate: security update advancecomp-debuginfo-1.15-22.el7.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234