FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

advancecomp -- multiple vulnerabilities

Affected packages
advancecomp < 2.1.6


VuXML ID 0bf816f6-3cfe-11ec-86cd-dca632b19f10
Discovery 2018-07-29
Entry 2021-11-19

Joonun Jang reports:

heap buffer overflow running advzip with "-l poc" option

Running 'advzip -l poc' with the attached file raises heap buffer overflow which may allow a remote attacker to cause unspecified impact including denial-of-service attack. I expected the program to terminate without segfault, but the program crashes as follow. [...]

and other vulnerabilities.


CVE Name CVE-2018-1056
CVE Name CVE-2019-8379
CVE Name CVE-2019-8383
CVE Name CVE-2019-9210