{"id":"CVE-2018-1056","details":"An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.","modified":"2026-03-20T11:22:49.003453Z","published":"2018-07-27T18:29:01.343Z","related":["MGASA-2018-0141"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/02/msg00016.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00004.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3570-1/"},{"type":"REPORT","url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889270"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1056"},{"type":"REPORT","url":"https://sourceforge.net/p/advancemame/bugs/259/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/amadvance/advancecomp","events":[{"introduced":"0"},{"fixed":"7deeafc02b29cc51d51079e66f4f43f986ff9cc5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1"}]}}],"versions":["advancecomp-1_10","advancecomp-1_11","advancecomp-1_12","advancecomp-1_14","advancecomp-1_15","advancecomp-1_5","advancecomp-1_6","advancecomp-1_7","advancecomp-1_8","advancecomp-1_9","start","v1.16","v1.20","v1.21","v1.22","v1.23","v2.0"],"database_specific":{"vanir_signatures":[{"deprecated":false,"id":"CVE-2018-1056-3968b02a","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","digest":{"function_hash":"321467468925918266439544145187358325760","length":1966},"signature_type":"Function","signature_version":"v1","target":{"file":"zip.cc","function":"zip_entry::load_cent"}},{"deprecated":false,"id":"CVE-2018-1056-3f007c7a","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","digest":{"line_hashes":["6651335576648665421247327491986939553","91348778466634692020096315992428283713","29547670071932565996740160462006901437","256148103314772118473567101116115268598","319885927862906967976191860656164805221","264678107151457880459526701790195892921","257470281579423865615083961641682459716","76443178072408789361471932886290707670"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","target":{"file":"zip.h"}},{"deprecated":false,"id":"CVE-2018-1056-85559170","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","digest":{"function_hash":"164258921538431758741901074120975645553","length":1729},"signature_type":"Function","signature_version":"v1","target":{"file":"zip.cc","function":"zip::open"}},{"deprecated":false,"id":"CVE-2018-1056-9b1737ab","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","digest":{"line_hashes":["257546365494205061270092755064996828562","50010835179737217821447437063424575752","196244980015251158572494049525446995258","275951801171959171925270265939756764326","68339847393913405987428737402248022835","195427138168751176154918345170340872540","134795678202951648104285244014986470972","13680457503209864137292416523596784756","10021413725733390442378096509712575577","205564486578456690707893601760460683197","191379634626292510965895360973260994248","236302688381447875756366052400905576643","55507477344539071045430221141517128350","244081027198711190534989130727874074191","34880994883472000943399139874101327290","339071008700891168175802734177351940037","192715935862457478619222445863376708099","237651452991652317578646974087047848810","222015860616939830997589715904301299927","78874381049668327377779002607405631113","286613958765842320394491259004207456313","8172316892424349916836874057715268842"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","target":{"file":"zip.cc"}},{"deprecated":false,"id":"CVE-2018-1056-b2cefd2c","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","digest":{"function_hash":"129863547958586844154408500275445047903","length":344},"signature_type":"Function","signature_version":"v1","target":{"file":"zip.cc","function":"zip_entry::check_cent"}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1056.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}