First published: Wed Feb 27 2019
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Advancemame Advancecomp | =2.1 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Fedoraproject Fedora | =30 | |
debian/advancecomp | 2.1-2.1 2.5-1 | |
CVE-2019-9210 is a vulnerability in AdvanceCOMP 2.1 that results in an integer overflow and a heap-based buffer over-read.
CVE-2019-9210 has a severity rating of 7.8 (high).
AdvanceCOMP versions 2.1, 2.5-1, and certain Ubuntu and Debian packages are affected by CVE-2019-9210.
To fix CVE-2019-9210, update AdvanceCOMP to version 2.1-2.1 or 2.5-1, or apply the respective remedies provided by Debian and Ubuntu.
More information about CVE-2019-9210 can be found in the references provided: [link1], [link2], [link3].