AdvanceCOMP be_uint32_read() Function NULL Pointer Dereference Vulnerability
A vulnerability in AdvanceCOMP could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is due to a NULL pointer dereference condition that could occur in the be_uint32_read() function, as defined in the endianrw.h source code file of the affected software, when processing files. An attacker could exploit this vulnerability by persuading a user to access a file that submits malicious input to the targeted system. A successful exploit could cause a segmentation fault, which could result in a DoS condition or cause other unspecified impacts.
Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available.
The vendor has confirmed the vulnerability and released software updates.
Security Impact Rating: High
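
The defensive pattern for this class of bug, as an added example that is not AdvanceCOMP's source or the vendor's fix: a big-endian 32-bit read that rejects NULL and short buffers before any byte is dereferenced. Every function name, the record layout and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; not taken from endianrw.h. */
enum read_status { READ_OK = 0, READ_NULL = -1, READ_SHORT = -2 };

/* Unchecked pattern: trusts the caller, so ptr == NULL faults on ptr[0]. */
static uint32_t be_uint32_read_unchecked(const unsigned char *ptr)
{
    return ((uint32_t)ptr[0] << 24) | ((uint32_t)ptr[1] << 16) |
           ((uint32_t)ptr[2] << 8)  |  (uint32_t)ptr[3];
}

/* Checked form: rejects NULL and short input before touching memory. */
static int be_uint32_read_checked(const unsigned char *ptr, size_t avail,
                                  uint32_t *out)
{
    if (ptr == NULL || out == NULL) return READ_NULL;
    if (avail < 4) return READ_SHORT;
    *out = be_uint32_read_unchecked(ptr);
    return READ_OK;
}

/* Constructed record layout: 4-byte big-endian length, then payload. */
static int parse_record(const unsigned char *buf, size_t len,
                        const unsigned char **payload, uint32_t *payload_len)
{
    uint32_t n;
    if (payload == NULL || payload_len == NULL) return READ_NULL;
    int rc = be_uint32_read_checked(buf, len, &n);
    if (rc != READ_OK) return rc;         /* error propagates, no crash */
    if (n > len - 4) return READ_SHORT;   /* declared length exceeds data */
    *payload = buf + 4;
    *payload_len = n;
    return READ_OK;
}

/* Constructed sample inputs. */
static const unsigned char SAMPLE_OK[]    = { 0, 0, 0, 3, 'a', 'b', 'c' };
static const unsigned char SAMPLE_TRUNC[] = { 0, 0, 1, 0, 'a' };

int main(void)
{
    const unsigned char *p = NULL;
    uint32_t n = 0;
    printf("valid: %d\n", parse_record(SAMPLE_OK, sizeof SAMPLE_OK, &p, &n));
    printf("truncated: %d\n", parse_record(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, &p, &n));
    printf("missing buffer: %d\n", parse_record(NULL, 0, &p, &n));
    return 0;
}
```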