advisories/24535.adv

type: security
subject: Updated advancecomp packages fix security vulnerability
CVE:
 - CVE-2019-9210
src:
  6:
   core:
     - advancecomp-1.20-3.3.mga6
description: |
  advancecomp has been updated to fix a security issue that could be
  triggered when pressented with a malformed PNG file. advancecomp
  contained an integer overflow upon encountering an invalid PNG size, which
  could result in a buffer overflow (CVE-2019-9210), as well as a heap-based
  buffer over-read.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24535
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DPZCDOUS5QYMW45SCXCDPCWKC4QVMPLU/
ID: MGASA-2019-0128
1	type: security
2	subject: Updated advancecomp packages fix security vulnerability
3	CVE:
4	- CVE-2019-9210
5	src:
6	6:
7	core:
8	- advancecomp-1.20-3.3.mga6
9	description: \|
10	advancecomp has been updated to fix a security issue that could be
11	triggered when pressented with a malformed PNG file. advancecomp
12	contained an integer overflow upon encountering an invalid PNG size, which
13	could result in a buffer overflow (CVE-2019-9210), as well as a heap-based
14	buffer over-read.
15	references:
16	- https://bugs.mageia.org/show_bug.cgi?id=24535
17	- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DPZCDOUS5QYMW45SCXCDPCWKC4QVMPLU/
18	ID: MGASA-2019-0128