AdvanceCOMP adv_png_unfilter_8 Function Invalid Memory Address Denial of Service Vulnerability

By GIXnews


A vulnerability in AdvanceCOMP could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to an invalid memory address condition that could occur in the adv_png_unfilter_8 function, as defined in the lib/png.c source code file of the affected software, when processing files. An attacker could exploit this vulnerability by persuading a user to access a file that submits malicious input to the targeted system. A successful exploit could cause a segmentation fault, which could result in a DoS condition or cause other unspecified impacts.

Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.

The vendor has confirmed the vulnerability and released software updates.
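The advisory does not state the root cause, so the following added example (not AdvanceCOMP's code and not the vendor's fix) only illustrates the kind of validation an 8-bit PNG unfilter routine needs before it touches scanline memory. The function name `checked_unfilter_8`, its parameters and the sample image are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Paeth predictor as defined by the PNG specification. */
static int paeth(int a, int b, int c)
{
    int p = a + b - c;
    int pa = abs(p - a), pb = abs(p - b), pc = abs(p - c);
    if (pa <= pb && pa <= pc) return a;
    return pb <= pc ? b : c;
}

/* Hypothetical helper: reverse PNG filtering in place on `height` rows of
 * (1 filter byte + width*bpp data bytes). Returns 0, or -1 on bad input. */
int checked_unfilter_8(uint8_t *buf, size_t buf_len,
                       size_t width, size_t height, size_t bpp)
{
    if (!buf || !width || !height || !bpp || bpp > 8) return -1;
    /* Reject header dimensions whose byte count would overflow size_t. */
    if (width > (SIZE_MAX - 1) / bpp) return -1;
    size_t stride = width * bpp + 1;
    if (height > SIZE_MAX / stride) return -1;
    /* Declared size must fit in the bytes that were actually decompressed. */
    if (buf_len < stride * height) return -1;

    for (size_t y = 0; y < height; y++) {
        uint8_t *cur = buf + y * stride + 1;            /* row data */
        const uint8_t *prev = y ? cur - stride : NULL;  /* row above */
        uint8_t filter = cur[-1];
        if (filter > 4) return -1;                      /* unknown filter */
        for (size_t x = 0; x + 1 < stride; x++) {
            int a = x >= bpp ? cur[x - bpp] : 0;            /* left */
            int b = prev ? prev[x] : 0;                     /* up */
            int c = (prev && x >= bpp) ? prev[x - bpp] : 0; /* up-left */
            int pred = 0;                                   /* 0 = None */
            if (filter == 1) pred = a;                      /* Sub */
            else if (filter == 2) pred = b;                 /* Up */
            else if (filter == 3) pred = (a + b) / 2;       /* Average */
            else if (filter == 4) pred = paeth(a, b, c);    /* Paeth */
            cur[x] = (uint8_t)(cur[x] + pred);
        }
    }
    return 0;
}

int main(void)
{
    uint8_t img[] = {1, 10, 5, 2, 1, 2};  /* constructed 2x2, 1 byte/pixel */
    return checked_unfilter_8(img, sizeof img, 2, 2, 1);
}
```

The caller passes the length of the decompressed buffer separately from the dimensions read from the file header, so a crafted header cannot drive reads or writes past the allocation.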

Security Impact Rating: High

CVE: CVE-2019-8383

Source: Cisco Multivendor Vulnerability Alerts