{"id":"CVE-2019-8379","details":"An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.","modified":"2026-05-18T18:25:02.517715Z","published":"2019-02-17T02:29:00.410Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"9.0"}],"cpes":["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"vendor_product":"debian:debian_linux"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"35"}],"cpes":["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_for_power_little_endian"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_server"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}],"cpes":["cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"],"vendor_product":"redhat:enterprise_linux_workstation"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2332"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html"},{"type":"EVIDENCE","url":"https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-the-function-be_uint32_read-advancecomp/"},{"type":"EVIDENCE","url":"https://sourceforge.net/p/advancemame/bugs/271/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/amadvance/advancecomp","events":[{"introduced":"0"},{"fixed":"7deeafc02b29cc51d51079e66f4f43f986ff9cc5"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"2.1"}],"cpe":"cpe:2.3:a:advancemame:advancecomp:*:*:*:*:*:*:*:*"}}],"versions":["v2.0","v1.23","v1.22","v1.21","v1.20","v1.16","advancecomp-1_15","advancecomp-1_14","advancecomp-1_12","advancecomp-1_11","advancecomp-1_10","advancecomp-1_9","advancecomp-1_8","advancecomp-1_7","advancecomp-1_6","advancecomp-1_5","start"],"database_specific":{"vanir_signatures_modified":"2026-05-18T18:25:02Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-8379.json","vanir_signatures":[{"id":"CVE-2019-8379-3968b02a","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","deprecated":false,"target":{"file":"zip.cc","function":"zip_entry::load_cent"},"signature_version":"v1","signature_type":"Function","digest":{"length":1966,"function_hash":"321467468925918266439544145187358325760"}},{"id":"CVE-2019-8379-3f007c7a","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","deprecated":false,"target":{"file":"zip.h"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["6651335576648665421247327491986939553","91348778466634692020096315992428283713","29547670071932565996740160462006901437","256148103314772118473567101116115268598","319885927862906967976191860656164805221","264678107151457880459526701790195892921","257470281579423865615083961641682459716","76443178072408789361471932886290707670"],"threshold":0.9}},{"id":"CVE-2019-8379-85559170","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","deprecated":false,"target":{"file":"zip.cc","function":"zip::open"},"signature_version":"v1","signature_type":"Function","digest":{"length":1729,"function_hash":"164258921538431758741901074120975645553"}},{"id":"CVE-2019-8379-9b1737ab","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","deprecated":false,"target":{"file":"zip.cc"},"signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["257546365494205061270092755064996828562","50010835179737217821447437063424575752","196244980015251158572494049525446995258","275951801171959171925270265939756764326","68339847393913405987428737402248022835","195427138168751176154918345170340872540","134795678202951648104285244014986470972","13680457503209864137292416523596784756","10021413725733390442378096509712575577","205564486578456690707893601760460683197","191379634626292510965895360973260994248","236302688381447875756366052400905576643","55507477344539071045430221141517128350","244081027198711190534989130727874074191","34880994883472000943399139874101327290","339071008700891168175802734177351940037","192715935862457478619222445863376708099","237651452991652317578646974087047848810","222015860616939830997589715904301299927","78874381049668327377779002607405631113","286613958765842320394491259004207456313","8172316892424349916836874057715268842"],"threshold":0.9}},{"id":"CVE-2019-8379-b2cefd2c","source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","deprecated":false,"target":{"file":"zip.cc","function":"zip_entry::check_cent"},"signature_version":"v1","signature_type":"Function","digest":{"length":344,"function_hash":"129863547958586844154408500275445047903"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}