CVE-2018-1056

Vulnerability

An out-of-bounds heap buffer read flaw exists in the way advancecomp before version 2.1-2018/02 handles processing of ZIP files. The vulnerability resides in the load_cent() function, which is invoked when the advzip utility processes a ZIP archive. A specially crafted ZIP file can trigger a read beyond the allocated heap buffer, leading to a crash or potential code execution [1][2][3].

Exploitation

An attacker can exploit this vulnerability by providing a maliciously crafted ZIP file to a user or automated system that uses advzip. No special network position is required beyond delivering the file (e.g., via email, download, or file upload). The victim must run advzip on the crafted archive. No authentication is needed; the attack simply requires the user to process the malicious file [1][2].

Impact

Successful exploitation results in a denial of service (crash of advzip), and under certain conditions, may allow arbitrary code execution. The impact is limited by the need for user interaction (opening the file), but the potential for code execution is considered possible based on the heap buffer read flaw [2][3]. The vulnerability is rated as Low severity by Red Hat [3].

Mitigation

A fix is available in advancecomp version 2.1-2018/02. Ubuntu released updates as part of USN-3570-1 on 14 February 2018, and users should upgrade to the patched version [2]. Red Hat Satellite 6 users may receive a future update; no specific workaround is documented for unpatched systems. The CVE is not listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog [3].