CVE-2022-35016 advancecomp: heap buffer overflow in data_dup() in data.cc
Brought to you by: amadvance
Advancecomp v2.3 was discovered to contain a heap buffer overflow.
https://github.com/Cvjark/Poc/blob/main/advancecomp/CVE-2022-35016.md
https://drive.google.com/file/d/1oWVhoJJih6-pgbvrZsx5oFUtv-vgR0fF/view?usp=sharing
This was reported downstream in Fedora Linux and Fedora EPEL, where I’m the current maintainer of the advancecomp package.
Fixed in GitHub with commit "Check for truncated end of central directory".
Thank you for the quick investigation and fix.
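The fix commit's title names a check for a truncated end of central directory record. As an added illustration (not advancecomp's code and not taken from that commit), the C sketch below shows that kind of bounds check on a ZIP end-of-central-directory record before its variable-length comment is copied to the heap. The names `eocd_copy_comment`, `EOCD_FIXED` and `EOCD_SIG` are hypothetical, and the sample record in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EOCD_FIXED 22u          /* fixed part of the record in the ZIP format */
#define EOCD_SIG   0x06054b50u  /* bytes "PK\5\6" read as little-endian */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Hypothetical helper: validate the record at buf[pos..size) and duplicate its
 * comment. Returns 0 on success, -1 if the record is truncated or malformed.
 * On success *comment is malloc'd, or NULL when the comment is empty. */
int eocd_copy_comment(const uint8_t *buf, size_t size, size_t pos,
                      uint8_t **comment, size_t *comment_len)
{
    *comment = NULL;
    *comment_len = 0;
    /* The fixed part must fit before any of its fields is read. */
    if (pos > size || size - pos < EOCD_FIXED) return -1;
    if (rd32(buf + pos) != EOCD_SIG) return -1;
    size_t len = rd16(buf + pos + 20);  /* declared comment length */
    /* The declared length must fit in what remains of the buffer; without
     * this check the memcpy below reads past the end of the allocation. */
    if (len > size - pos - EOCD_FIXED) return -1;
    if (len == 0) return 0;
    uint8_t *copy = malloc(len);
    if (copy == NULL) return -1;
    memcpy(copy, buf + pos + EOCD_FIXED, len);
    *comment = copy;
    *comment_len = len;
    return 0;
}

int main(void)
{
    /* Constructed sample: an empty archive's record with a 3-byte comment. */
    uint8_t rec[25] = { 0x50, 0x4b, 0x05, 0x06 };
    uint8_t *c;
    size_t n;
    rec[20] = 3;
    memcpy(rec + 22, "abc", 3);
    printf("complete record:  %d\n", eocd_copy_comment(rec, sizeof rec, 0, &c, &n));
    free(c);
    printf("truncated record: %d\n", eocd_copy_comment(rec, 24, 0, &c, &n));
    return 0;
}
```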