Integer Overflow and Buffer Overflow in AdvanceCOMP 2.1's png_compress Function

Integer Overflow and Buffer Overflow in AdvanceCOMP 2.1's png_compress Function

CVE-2019-9210 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.)

Learn more about our Web Application Penetration Testing UK.