CVE-2020-23909

Vulnerability

A heap-based buffer over-read vulnerability exists in the png_convert_4 function within pngex.cc in AdvanceMAME through version 2.1 and the development master up to commit fcf71a. The issue occurs when processing specially crafted PNG images, leading to a read beyond the allocated heap buffer. The vulnerability was reported via AddressSanitizer as a heap buffer overflow on address 0x602000000075, reading 260 bytes [1].

Exploitation

An attacker must provide a malicious PNG image to the advmng executable. The trigger command line used in the bug report is ./advmng -c -q -e -r -x @@ [1]. The attacker does not require authentication; the vulnerability is triggered when the user runs the emulator with the crafted file. No network position is needed; local file access suffices.

Impact

Successful exploitation results in a heap-based buffer over-read, which can lead to information disclosure of heap memory contents or cause a crash (denial of service). The bug report shows a read of 260 bytes beyond the allocated heap region [1]. There is no indication of code execution or privilege escalation.

Mitigation

As of the bug report dated August 6, 2020, no fix has been released. The bug status remains open, and the project appears to be unmaintained. Users are advised to avoid using AdvanceMAME to process untrusted PNG images or to discontinue use of the software if possible. No workaround is documented.