An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files.
{ "vanir_signatures": [ { "digest": { "function_hash": "321467468925918266439544145187358325760", "length": 1966.0 }, "signature_type": "Function", "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5", "signature_version": "v1", "target": { "file": "zip.cc", "function": "zip_entry::load_cent" }, "deprecated": false, "id": "CVE-2018-1056-3968b02a" }, { "digest": { "threshold": 0.9, "line_hashes": [ "6651335576648665421247327491986939553", "91348778466634692020096315992428283713", "29547670071932565996740160462006901437", "256148103314772118473567101116115268598", "319885927862906967976191860656164805221", "264678107151457880459526701790195892921", "257470281579423865615083961641682459716", "76443178072408789361471932886290707670" ] }, "signature_type": "Line", "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5", "signature_version": "v1", "target": { "file": "zip.h" }, "deprecated": false, "id": "CVE-2018-1056-3f007c7a" }, { "digest": { "function_hash": "164258921538431758741901074120975645553", "length": 1729.0 }, "signature_type": "Function", "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5", "signature_version": "v1", "target": { "file": "zip.cc", "function": "zip::open" }, "deprecated": false, "id": "CVE-2018-1056-85559170" }, { "digest": { "threshold": 0.9, "line_hashes": [ "257546365494205061270092755064996828562", "50010835179737217821447437063424575752", "196244980015251158572494049525446995258", "275951801171959171925270265939756764326", "68339847393913405987428737402248022835", "195427138168751176154918345170340872540", "134795678202951648104285244014986470972", "13680457503209864137292416523596784756", "10021413725733390442378096509712575577", "205564486578456690707893601760460683197", "191379634626292510965895360973260994248", "236302688381447875756366052400905576643", "55507477344539071045430221141517128350", "244081027198711190534989130727874074191", "34880994883472000943399139874101327290", "339071008700891168175802734177351940037", "192715935862457478619222445863376708099", "237651452991652317578646974087047848810", "222015860616939830997589715904301299927", "78874381049668327377779002607405631113", "286613958765842320394491259004207456313", "8172316892424349916836874057715268842" ] }, "signature_type": "Line", "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5", "signature_version": "v1", "target": { "file": "zip.cc" }, "deprecated": false, "id": "CVE-2018-1056-9b1737ab" }, { "digest": { "function_hash": "129863547958586844154408500275445047903", "length": 344.0 }, "signature_type": "Function", "source": "https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5", "signature_version": "v1", "target": { "file": "zip.cc", "function": "zip_entry::check_cent" }, "deprecated": false, "id": "CVE-2018-1056-b2cefd2c" } ] }