{"id":"CVE-2019-8379","details":"An issue was discovered in AdvanceCOMP through 2.1. A NULL pointer dereference exists in the function be_uint32_read() located in endianrw.h. It can be triggered by sending a crafted file to a binary. It allows an attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact when a victim opens a specially crafted file.","modified":"2026-04-11T17:54:16.775512Z","published":"2019-02-17T02:29:00.410Z","references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J23C6QSTJMQ467KAI6QG54AE4MZRLPQV/"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2332"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/12/msg00034.html"},{"type":"EVIDENCE","url":"https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-the-function-be_uint32_read-advancecomp/"},{"type":"EVIDENCE","url":"https://sourceforge.net/p/advancemame/bugs/271/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/amadvance/advancecomp","events":[{"introduced":"0"},{"fixed":"7deeafc02b29cc51d51079e66f4f43f986ff9cc5"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1"}]}}],"versions":["advancecomp-1_10","advancecomp-1_11","advancecomp-1_12","advancecomp-1_14","advancecomp-1_15","advancecomp-1_5","advancecomp-1_6","advancecomp-1_7","advancecomp-1_8","advancecomp-1_9","start","v1.16","v1.20","v1.21","v1.22","v1.23","v2.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T17:54:16Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"35"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-8379.json","vanir_signatures":[{"signature_type":"Function","target":{"function":"zip_entry::load_cent","file":"zip.cc"},"id":"CVE-2019-8379-3968b02a","digest":{"length":1966,"function_hash":"321467468925918266439544145187358325760"},"source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","signature_version":"v1","deprecated":false},{"signature_type":"Line","target":{"file":"zip.h"},"id":"CVE-2019-8379-3f007c7a","digest":{"line_hashes":["6651335576648665421247327491986939553","91348778466634692020096315992428283713","29547670071932565996740160462006901437","256148103314772118473567101116115268598","319885927862906967976191860656164805221","264678107151457880459526701790195892921","257470281579423865615083961641682459716","76443178072408789361471932886290707670"],"threshold":0.9},"source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","signature_version":"v1","deprecated":false},{"signature_type":"Function","target":{"function":"zip::open","file":"zip.cc"},"id":"CVE-2019-8379-85559170","digest":{"length":1729,"function_hash":"164258921538431758741901074120975645553"},"source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","signature_version":"v1","deprecated":false},{"signature_type":"Line","target":{"file":"zip.cc"},"id":"CVE-2019-8379-9b1737ab","digest":{"line_hashes":["257546365494205061270092755064996828562","50010835179737217821447437063424575752","196244980015251158572494049525446995258","275951801171959171925270265939756764326","68339847393913405987428737402248022835","195427138168751176154918345170340872540","134795678202951648104285244014986470972","13680457503209864137292416523596784756","10021413725733390442378096509712575577","205564486578456690707893601760460683197","191379634626292510965895360973260994248","236302688381447875756366052400905576643","55507477344539071045430221141517128350","244081027198711190534989130727874074191","34880994883472000943399139874101327290","339071008700891168175802734177351940037","192715935862457478619222445863376708099","237651452991652317578646974087047848810","222015860616939830997589715904301299927","78874381049668327377779002607405631113","286613958765842320394491259004207456313","8172316892424349916836874057715268842"],"threshold":0.9},"source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","signature_version":"v1","deprecated":false},{"signature_type":"Function","target":{"function":"zip_entry::check_cent","file":"zip.cc"},"id":"CVE-2019-8379-b2cefd2c","digest":{"length":344,"function_hash":"129863547958586844154408500275445047903"},"source":"https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5","signature_version":"v1","deprecated":false}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}