CVE-2018-1056

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-1056
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1056.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-1056
Downstream
Related
Published
2018-07-27T18:29:01Z
Modified
2025-10-15T09:16:53.565635Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.

References

Affected packages

Git / github.com/amadvance/advancecomp

Affected ranges

Type
GIT
Repo
https://github.com/amadvance/advancecomp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
7deeafc02b29cc51d51079e66f4f43f986ff9cc5

Affected versions

Other

advancecomp-1_10
advancecomp-1_11
advancecomp-1_12
advancecomp-1_14
advancecomp-1_15
advancecomp-1_5
advancecomp-1_6
advancecomp-1_7
advancecomp-1_8
advancecomp-1_9
start

v1.*

v1.16
v1.20
v1.21
v1.22
v1.23

v2.*

v2.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2018-1056-3968b02a",
        "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
        "signature_version": "v1",
        "target": {
            "function": "zip_entry::load_cent",
            "file": "zip.cc"
        },
        "digest": {
            "function_hash": "321467468925918266439544145187358325760",
            "length": 1966.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2018-1056-3f007c7a",
        "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
        "signature_version": "v1",
        "target": {
            "file": "zip.h"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "6651335576648665421247327491986939553",
                "91348778466634692020096315992428283713",
                "29547670071932565996740160462006901437",
                "256148103314772118473567101116115268598",
                "319885927862906967976191860656164805221",
                "264678107151457880459526701790195892921",
                "257470281579423865615083961641682459716",
                "76443178072408789361471932886290707670"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2018-1056-85559170",
        "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
        "signature_version": "v1",
        "target": {
            "function": "zip::open",
            "file": "zip.cc"
        },
        "digest": {
            "function_hash": "164258921538431758741901074120975645553",
            "length": 1729.0
        },
        "deprecated": false
    },
    {
        "signature_type": "Line",
        "id": "CVE-2018-1056-9b1737ab",
        "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
        "signature_version": "v1",
        "target": {
            "file": "zip.cc"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "257546365494205061270092755064996828562",
                "50010835179737217821447437063424575752",
                "196244980015251158572494049525446995258",
                "275951801171959171925270265939756764326",
                "68339847393913405987428737402248022835",
                "195427138168751176154918345170340872540",
                "134795678202951648104285244014986470972",
                "13680457503209864137292416523596784756",
                "10021413725733390442378096509712575577",
                "205564486578456690707893601760460683197",
                "191379634626292510965895360973260994248",
                "236302688381447875756366052400905576643",
                "55507477344539071045430221141517128350",
                "244081027198711190534989130727874074191",
                "34880994883472000943399139874101327290",
                "339071008700891168175802734177351940037",
                "192715935862457478619222445863376708099",
                "237651452991652317578646974087047848810",
                "222015860616939830997589715904301299927",
                "78874381049668327377779002607405631113",
                "286613958765842320394491259004207456313",
                "8172316892424349916836874057715268842"
            ]
        },
        "deprecated": false
    },
    {
        "signature_type": "Function",
        "id": "CVE-2018-1056-b2cefd2c",
        "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5",
        "signature_version": "v1",
        "target": {
            "function": "zip_entry::check_cent",
            "file": "zip.cc"
        },
        "digest": {
            "function_hash": "129863547958586844154408500275445047903",
            "length": 344.0
        },
        "deprecated": false
    }
]