MGASA-2020-0008 - Updated advancecomp packages fix security vulnerability

Publication date: 05 Jan 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-8383

Updated advancecomp package fixes security vulnerability:

An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address
occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by
sending a crafted file to a binary. It allows an attacker to cause a Denial of
Service (Segmentation fault) or possibly have unspecified other impact when a
victim opens a specially crafted file (CVE-2019-8383).

-[email protected]/thread/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/

- 7/core/advancecomp-2.1-4.1.mga7