UbuntuUpdates.org

Package "advancecomp"

Name: advancecomp

Description:

collection of recompression utilities
Latest version: 2.1-1ubuntu0.18.04.3
Release: bionic (18.04)
Level: security
Repository: main
Homepage: http://www.advancemame.it/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "advancecomp"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "advancecomp" in Bionic

Repository Area Version
base main 2.1-1
updates main 2.1-1ubuntu0.18.04.3

Changelog

Version: 2.1-1ubuntu0.18.04.3 2023-02-01 15:07:11 UTC

  advancecomp (2.1-1ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read and heap overflow vulnerabilities
    - debian/patches/CVE-2022-35014-35015-35016-35017-35018-35019-35020-*.patch:
      Fix memory issues
    - CVE-2022-35014
    - CVE-2022-35015
    - CVE-2022-35016
    - CVE-2022-35017
    - CVE-2022-35018
    - CVE-2022-35019
    - CVE-2022-35020

 -- Nishit Majithia <email address hidden> Wed, 01 Feb 2023 14:38:54 +0530
Source diff to previous version
CVE-2022-35014 Advancecomp v2.3 contains a segmentation fault.
CVE-2022-35015 Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.
CVE-2022-35016 Advancecomp v2.3 was discovered to contain a heap buffer overflow.
CVE-2022-35017 Advancecomp v2.3 was discovered to contain a heap buffer overflow.
CVE-2022-35018 Advancecomp v2.3 was discovered to contain a segmentation fault.
CVE-2022-35019 Advancecomp v2.3 was discovered to contain a segmentation fault.
CVE-2022-35020 Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interc

Version: 2.1-1ubuntu0.18.04.2 2022-10-12 09:06:21 UTC

  advancecomp (2.1-1ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow in be_uint32_read()
    - debian/patches/CVE-2019-8379.patch: Fix a buffer overflow caused by
      invalid chunks
    - CVE-2019-8379
  * SECURITY UPDATE: Buffer overflow in adv_png_unfilter_8()
    - debian/patches/CVE-2019-8383.patch: Fix a buffer overflow caused by
      invalid images
    - CVE-2019-8383

 -- Nishit Majithia <email address hidden> Thu, 06 Oct 2022 14:03:04 +0530
Source diff to previous version
CVE-2019-8379 An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can
CVE-2019-8383 An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be trigg

Version: 2.1-1ubuntu0.18.04.1 2019-04-04 16:06:56 UTC

  advancecomp (2.1-1ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2019-9210.patch: fix in lib/png.c.
    - CVE-2019-9210

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 04 Apr 2019 08:54:30 -0300
CVE-2019-9210 In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted m


About   -   Send Feedback to @ubuntu_updates