CVE-2019-8383
Description
A crafted PNG file triggers an invalid memory access in adv_png_unfilter_8 in AdvanceCOMP 2.1, causing a denial of service via segmentation fault.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A crafted PNG file triggers an invalid memory access in adv_png_unfilter_8 in AdvanceCOMP 2.1, causing a denial of service via segmentation fault.
Vulnerability
An invalid memory address occurs in the function adv_png_unfilter_8 in lib/png.c of AdvanceCOMP through version 2.1 [1]. The function processes PNG filter bytes during decompression; when a specially crafted file is supplied, an out-of-bounds read or write leads to a segmentation fault [1][2]. The vulnerable code path is reachable when any AdvanceCOMP utility (e.g., advpng) opens a malicious PNG file [1].
Exploitation
An attacker must craft a malicious PNG file and convince a victim to process it with an AdvanceCOMP binary (e.g., ./advpng -z -1 -f $POC) [1]. No authentication or special network position is required; the victim’s interaction (opening the file) is sufficient. The crash occurs during the unfiltering loop when reading the filter byte and advancing the pointer based on width [1].
Impact
Successful exploitation causes a segmentation fault, resulting in a denial of service (DoS) of the affected application [1][2]. The official description notes “possibly have unspecified other impact,” but no further details are provided in the available references [1][2].
Mitigation
The bug is fixed in later versions of AdvanceCOMP; the SourceForge ticket is marked as closed-fixed [1]. Red Hat released RHSA-2019:2332 for Red Hat Enterprise Linux 7, updating advancecomp to a patched version [2]. Users should apply updates from their distribution or upgrade to the latest release from the AdvanceCOMP project [1][2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: advancecomp-1_10, advancecomp-1_11, advancecomp-1_12, …
- Range: <=2.1
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing bounds checking on the pointer `p` in `adv_png_unfilter_8` allows reading from an invalid memory address when processing a crafted PNG file."
Attack vector
An attacker crafts a malicious PNG file with manipulated width, height, or filter-byte values that cause the pointer `p` inside `adv_png_unfilter_8` to advance beyond the allocated image data buffer [ref_id=1]. When a victim runs `advpng -z -1 -f $POC` (or any binary that calls the vulnerable function) on the crafted file, the loop reads from an invalid memory address, triggering a segmentation fault [ref_id=1]. No authentication or special network access is required; the attack is file-based.
Affected code
The vulnerability resides in the function `adv_png_unfilter_8` in `lib/png.c` [ref_id=1]. The crash occurs at line 277 where `unsigned char f = *p++;` dereferences a pointer that has been advanced past the bounds of the allocated buffer, leading to an invalid memory access [ref_id=1].
What the fix does
The Red Hat advisory [ref_id=2] lists a fixed package (advancecomp-1.15-21.el7) that addresses this CVE, but the specific patch diff is not included in the bundle. The advisory describes the issue as a denial of service in `adv_png_unfilter_8` in `lib/png.c` [ref_id=2]. The fix likely adds bounds checking on the pointer `p` before dereferencing the filter byte, ensuring the loop does not read past the end of the allocated buffer.
Preconditions
- inputVictim must open a specially crafted PNG file with a tool that calls adv_png_unfilter_8 (e.g., advpng).
- networkNo authentication or network access required; attack is local file-based.
Generated on Jun 1, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- access.redhat.com/errata/RHSA-2019:2332mitrevendor-advisoryx_refsource_REDHAT
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/mitrevendor-advisoryx_refsource_FEDORA
- lists.debian.org/debian-lts-announce/2021/12/msg00034.htmlmitremailing-listx_refsource_MLIST
- research.loginsoft.com/bugs/invalid-memory-access-in-adv_png_unfilter_8-advancecomp/mitrex_refsource_MISC
- sourceforge.net/p/advancemame/bugs/272/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.