AdvanceMAME / Bugs / #297 CVE-2022-35016 advancecomp: heap buffer overflow in data

#297 CVE-2022-35016 advancecomp: heap buffer overflow in data_dup() in data.cc

Milestone: other

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2022-11-23

Created: 2022-11-22

Private: No

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

This was reported downstream in Fedora Linux and Fedora EPEL, where I’m the current maintainer of the advancecomp package.

Andrea Mazzoleni - 2022-11-22

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andrea Mazzoleni - 2022-11-22

Fixed in github with commit "Check for truncated end of central directory"

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ben Beasley - 2022-11-23

Thank you for the quick investigation and fix.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: