Advancecomp Security Vulnerabilities - May
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.
7.8CVSS
7.3AI Score
0.001EPSS
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecifi...
7.8CVSS
7.7AI Score
0.003EPSS
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other...
7.8CVSS
7.7AI Score
0.003EPSS
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
7.8CVSS
7.6AI Score
0.001EPSS
5.5CVSS
5.2AI Score
0.001EPSS
Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.
5.5CVSS
5.5AI Score
0.001EPSS
5.5CVSS
5.4AI Score
0.001EPSS
5.5CVSS
5.4AI Score
0.001EPSS
5.5CVSS
5.2AI Score
0.001EPSS
5.5CVSS
5.2AI Score
0.001EPSS
Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.
5.5CVSS
5.5AI Score
0.001EPSS
A segmentation fault flaw was found in the Advancecomp package. This may lead to decreased availability.
3.3CVSS
3.7AI Score
0.0004EPSS