Описание
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.1-1ubuntu0.18.04.1 |
| cosmic | released | 2.1-1ubuntu0.18.10.1 |
| devel | not-affected | 2.1-2 |
| disco | released | 2.1-1ubuntu0.19.04.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.18-1ubuntu0.2]] |
| esm-infra/bionic | released | 2.1-1ubuntu0.18.04.1 |
| esm-infra/xenial | released | 1.20-1ubuntu0.2 |
| precise/esm | DNE | |
| trusty | released | 1.18-1ubuntu0.2 |
| trusty/esm | DNE | trusty was released [1.18-1ubuntu0.2] |
Показывать по
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer ...
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)
EPSS
6.8 Medium
CVSS2
7.8 High
CVSS3