CVE-2019-8379

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-8379
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-8379.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-8379
Downstream
Published
2019-02-17T02:29:00Z
Modified
2025-10-14T17:14:08.074078Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function beuint32read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.

References

Affected packages

Git / github.com/amadvance/advancecomp

Affected ranges

Type
GIT
Repo
https://github.com/amadvance/advancecomp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7deeafc02b29cc51d51079e66f4f43f986ff9cc5

Affected versions

Other

advancecomp-1_10
advancecomp-1_11
advancecomp-1_12
advancecomp-1_14
advancecomp-1_15
advancecomp-1_5
advancecomp-1_6
advancecomp-1_7
advancecomp-1_8
advancecomp-1_9
start

v1.*

v1.16
v1.20
v1.21
v1.22
v1.23

v2.*

v2.0

Database specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "function": "zip_entry::load_cent",
                "file": "zip.cc"
            },
            "signature_type": "Function",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "deprecated": false,
            "digest": {
                "length": 1966.0,
                "function_hash": "321467468925918266439544145187358325760"
            },
            "id": "CVE-2019-8379-3968b02a"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "zip.h"
            },
            "signature_type": "Line",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "6651335576648665421247327491986939553",
                    "91348778466634692020096315992428283713",
                    "29547670071932565996740160462006901437",
                    "256148103314772118473567101116115268598",
                    "319885927862906967976191860656164805221",
                    "264678107151457880459526701790195892921",
                    "257470281579423865615083961641682459716",
                    "76443178072408789361471932886290707670"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2019-8379-3f007c7a"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "zip::open",
                "file": "zip.cc"
            },
            "signature_type": "Function",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "deprecated": false,
            "digest": {
                "length": 1729.0,
                "function_hash": "164258921538431758741901074120975645553"
            },
            "id": "CVE-2019-8379-85559170"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "zip.cc"
            },
            "signature_type": "Line",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "257546365494205061270092755064996828562",
                    "50010835179737217821447437063424575752",
                    "196244980015251158572494049525446995258",
                    "275951801171959171925270265939756764326",
                    "68339847393913405987428737402248022835",
                    "195427138168751176154918345170340872540",
                    "134795678202951648104285244014986470972",
                    "13680457503209864137292416523596784756",
                    "10021413725733390442378096509712575577",
                    "205564486578456690707893601760460683197",
                    "191379634626292510965895360973260994248",
                    "236302688381447875756366052400905576643",
                    "55507477344539071045430221141517128350",
                    "244081027198711190534989130727874074191",
                    "34880994883472000943399139874101327290",
                    "339071008700891168175802734177351940037",
                    "192715935862457478619222445863376708099",
                    "237651452991652317578646974087047848810",
                    "222015860616939830997589715904301299927",
                    "78874381049668327377779002607405631113",
                    "286613958765842320394491259004207456313",
                    "8172316892424349916836874057715268842"
                ],
                "threshold": 0.9
            },
            "id": "CVE-2019-8379-9b1737ab"
        },
        {
            "signature_version": "v1",
            "target": {
                "function": "zip_entry::check_cent",
                "file": "zip.cc"
            },
            "signature_type": "Function",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "deprecated": false,
            "digest": {
                "length": 344.0,
                "function_hash": "129863547958586844154408500275445047903"
            },
            "id": "CVE-2019-8379-b2cefd2c"
        }
    ]
}