advancecomp-1.15-21.el7

エラータID: AXSA:2019-4098:01

Release date: 
Monday, August 19, 2019 - 19:26
Subject: 
advancecomp-1.15-21.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

AdvanceCOMP is a set of recompression utilities for .PNG, .MNG and .ZIP files.

Security Fix(es):

* advancecomp: null pointer dereference in function be_uint32_read() in endianrw.h (CVE-2019-8379)

* advancecomp: denial of service in function adv_png_unfilter_8 in lib/png.c (CVE-2019-8383)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-8379
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-8383
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.

Solution: 

Update packages.

CVEs: 
CVE-2019-8379
An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
CVE-2019-8383
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.
Additional Info: 

N/A

Download: 

SRPMS
  1. advancecomp-1.15-21.el7.src.rpm
    MD5: 05d432013836aef075c59b427074f6de
    SHA-256: 0df04fddadc2a34eff4bc6941f56a23ee50b25a87b8010c54931ef7500e11ca2
    Size: 262.49 kB

Asianux Server 7 for x86_64
  1. advancecomp-1.15-21.el7.x86_64.rpm
    MD5: 96a1f2b3d98ba3959b4019aff602686d
    SHA-256: ab04177f3df252543a17a22cc1dfe7fc3c113989dee63376abef45837c716c88
    Size: 172.86 kB