CVE-2022-35015 advancecomp: heap-buffer-overflow in le_uint32_read() in...

Brought to you by: amadvance

#298 CVE-2022-35015 advancecomp: heap-buffer-overflow in le_uint32_read() in lib/endianrw.h

Milestone: other

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2022-11-23

Created: 2022-11-22

Private: No

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.

This was reported downstream in Fedora Linux and Fedora EPEL, where I’m the current maintainer of the advancecomp package.

Andrea Mazzoleni - 2022-11-22

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andrea Mazzoleni - 2022-11-22

Fixed in github with commit "Check for truncated end of central directory"

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ben Beasley - 2022-11-23

Post awaiting moderation.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: