MGASA-2020-0008 - Updated advancecomp packages fix security vulnerability

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0008.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-8383

Updated advancecomp package fixes security vulnerability:

An issue was discovered in AdvanceCOMP through 2.1. An invalid memory address
occurs in the function adv_png_unfilter_8 in lib/png.c. It can be triggered by
sending a crafted file to a binary. It allows an attacker to cause a Denial of
Service (Segmentation fault) or possibly have unspecified other impact when a
victim opens a specially crafted file (CVE-2019-8383).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25908
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8383

SRPMS:
- 7/core/advancecomp-2.1-4.1.mga7