Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 7: 2020-0008 Moderate: AdvanceCOMP Denial Of Service

mageia
Calendar Grey January 5, 2020
Dist Mageia Esm H88
MGASA-2020-0009: Security update for the AdvanceCOMP package released to address a DDoS vulnerability affecting Mageia 7. Full information provided.
Updated advancecomp package fixes security vulnerability: An issue was discovered in AdvanceCOMP through 2.1

Summary

Updated advancecomp package fixes security vulnerability:
An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file (CVE-2019-8383).

References

- https://bugs.mageia.org/show_bug.cgi?id=25908

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/

- https://www.cve.org/CVERecord?id=CVE-2019-8383

Topics%20covered

Topics Covered

security advisory denial of service security update vulnerability memory issue Mageia AdvanceCOMP

Resolution

SRPMS

- 7/core/advancecomp-2.1-4.1.mga7

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0008.html
Type: security
CVE: CVE-2019-8383

Topics%20covered

Topics Covered

security advisory denial of service security update vulnerability memory issue Mageia AdvanceCOMP

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here