Ubuntu Security Notice 5671-1 - It was discovered that AdvanceCOMP did not properly manage memory of function be_uint32_read under certain circumstances. If a user were tricked into opening a specially crafted binary file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service. It was discovered that AdvanceCOMP did not properly manage memory of function adv_png_unfilter_8 under certain circumstances. If a user were tricked into opening a specially crafted PNG file, a remote attacker could possibly use this issue to cause AdvanceCOMP to crash, resulting in a denial of service.
b1b7968a5cbc0ebec87da1fc6ec8b0ff20332c72304afdacb420c562e0e5527f
=========================================================================
Ubuntu Security Notice USN-5671-1
October 12, 2022
advancecomp vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in AdvanceCOMP.
Software Description:
- advancecomp: collection of recompression utilities
Details:
It was discovered that AdvanceCOMP did not properly manage memory of function
be_uint32_read() under certain circumstances. If a user were tricked into
opening a specially crafted binary file, a remote attacker could possibly use
this issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8379)
It was discovered that AdvanceCOMP did not properly manage memory of function
adv_png_unfilter_8() under certain circumstances. If a user were tricked into
opening a specially crafted PNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8383)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
advancecomp 2.1-1ubuntu0.18.04.2
Ubuntu 16.04 ESM:
advancecomp 1.20-1ubuntu0.2+esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5671-1
CVE-2019-8379, CVE-2019-8383
Package Information:
https://launchpad.net/ubuntu/+source/advancecomp/2.1-1ubuntu0.18.04.2