Advisories » MGASA-2019-0128

Updated advancecomp packages fix security vulnerability

Publication date: 05 Apr 2019
Modification date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2019-9210

Description

advancecomp has been updated to fix a security issue that could be
triggered when pressented with a malformed PNG file. advancecomp
contained an integer overflow upon encountering an invalid PNG size, which
could result in a buffer overflow (CVE-2019-9210), as well as a heap-based
buffer over-read.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=24535
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DPZCDOUS5QYMW45SCXCDPCWKC4QVMPLU/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9210

SRPMS

6/core

• advancecomp-1.20-3.3.mga6