Description
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.
CVSS breakdown
CVSS 3.0
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Affected products
- amadvance / advancecomp:2.1-2018/02 – 2.1-2018/02
References
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2019/03/msg00004.html
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056
- VENDOR_ADVISORYhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270
- VENDOR_ADVISORYhttps://usn.ubuntu.com/3570-1/
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2018/02/msg00016.html
- MISChttps://sourceforge.net/p/advancemame/bugs/259/
- MAILING_LISThttps://lists.debian.org/debian-lts-announce/2021/12/msg00034.html