CVE-2022-35017 advancecomp: heap-buffer-overflow in mng_delta_addition() in mng.c

Brought to you by: amadvance

#296 CVE-2022-35017 advancecomp: heap-buffer-overflow in mng_delta_addition() in mng.c

Milestone: other

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2022-11-23

Created: 2022-11-22

Private: No

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

This was reported downstream in Fedora Linux and Fedora EPEL, where I’m the current maintainer of the advancecomp package.

Andrea Mazzoleni - 2022-11-22

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andrea Mazzoleni - 2022-11-22

Fixed in github with commit "Check move chunk"

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ben Beasley - 2022-11-23

Thank you for the quick investigation and fix.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: