CVE-2018-1056

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1056
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1056.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1056
Downstream
Related
Published
2018-07-27T18:29:01Z
Modified
2025-09-19T09:18:38.245980Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

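An out-of-bounds heap buffer read flaw was found in the way advancecomp versions before 2.1-2018/02 process ZIP files. An attacker could potentially use this flaw to crash the advzip utility by getting it to process a crafted ZIP file. The severity vector above scores this as a local attack that needs user interaction (AV:L, UI:R), which matches a user running advzip on an attacker-supplied archive, but it also rates confidentiality and integrity impact as High, which is broader than the crash described here. The affected range below records no fixed commit, so the version bound in this description is the only fix boundary this record gives.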

References

Affected packages

Git / github.com/amadvance/advancecomp

Affected ranges

Type
GIT
Repo
https://github.com/amadvance/advancecomp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

advancecomp-1_10
advancecomp-1_11
advancecomp-1_12
advancecomp-1_14
advancecomp-1_15
advancecomp-1_5
advancecomp-1_6
advancecomp-1_7
advancecomp-1_8
advancecomp-1_9
start

v1.*

v1.16
v1.20
v1.21
v1.22
v1.23

v2.*

v2.0

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "321467468925918266439544145187358325760",
                "length": 1966.0
            },
            "signature_type": "Function",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "signature_version": "v1",
            "target": {
                "file": "zip.cc",
                "function": "zip_entry::load_cent"
            },
            "deprecated": false,
            "id": "CVE-2018-1056-3968b02a"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "6651335576648665421247327491986939553",
                    "91348778466634692020096315992428283713",
                    "29547670071932565996740160462006901437",
                    "256148103314772118473567101116115268598",
                    "319885927862906967976191860656164805221",
                    "264678107151457880459526701790195892921",
                    "257470281579423865615083961641682459716",
                    "76443178072408789361471932886290707670"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "signature_version": "v1",
            "target": {
                "file": "zip.h"
            },
            "deprecated": false,
            "id": "CVE-2018-1056-3f007c7a"
        },
        {
            "digest": {
                "function_hash": "164258921538431758741901074120975645553",
                "length": 1729.0
            },
            "signature_type": "Function",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "signature_version": "v1",
            "target": {
                "file": "zip.cc",
                "function": "zip::open"
            },
            "deprecated": false,
            "id": "CVE-2018-1056-85559170"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "257546365494205061270092755064996828562",
                    "50010835179737217821447437063424575752",
                    "196244980015251158572494049525446995258",
                    "275951801171959171925270265939756764326",
                    "68339847393913405987428737402248022835",
                    "195427138168751176154918345170340872540",
                    "134795678202951648104285244014986470972",
                    "13680457503209864137292416523596784756",
                    "10021413725733390442378096509712575577",
                    "205564486578456690707893601760460683197",
                    "191379634626292510965895360973260994248",
                    "236302688381447875756366052400905576643",
                    "55507477344539071045430221141517128350",
                    "244081027198711190534989130727874074191",
                    "34880994883472000943399139874101327290",
                    "339071008700891168175802734177351940037",
                    "192715935862457478619222445863376708099",
                    "237651452991652317578646974087047848810",
                    "222015860616939830997589715904301299927",
                    "78874381049668327377779002607405631113",
                    "286613958765842320394491259004207456313",
                    "8172316892424349916836874057715268842"
                ]
            },
            "signature_type": "Line",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "signature_version": "v1",
            "target": {
                "file": "zip.cc"
            },
            "deprecated": false,
            "id": "CVE-2018-1056-9b1737ab"
        },
        {
            "digest": {
                "function_hash": "129863547958586844154408500275445047903",
                "length": 344.0
            },
            "signature_type": "Function",
            "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
            "signature_version": "v1",
            "target": {
                "file": "zip.cc",
                "function": "zip_entry::check_cent"
            },
            "deprecated": false,
            "id": "CVE-2018-1056-b2cefd2c"
        }
    ]
}