In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
CPE | Name | Operator | Version |
---|---|---|---|
advancecomp | eq | 2.1 | |
ubuntu_linux | eq | 16.04 | |
ubuntu_linux | eq | 14.04 | |
ubuntu_linux | eq | 18.04 | |
ubuntu_linux | eq | 18.10 | |
ubuntu_linux | eq | 19.04 | |
debian_linux | eq | 8.0 | |
debian_linux | eq | 9.0 | |
fedora | eq | 30 |