Vulnerabilities > CVE-2018-12578 - Out-of-bounds Write vulnerability in Sam2P Project Sam2P 0.49.4

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sam2p-project

CWE-787

critical

nessus

NVD

Published: 2018-06-19

Updated: 2020-08-24

Summary

There is a heap-based buffer overflow in bmp_compress1_row in appliers.cpp in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

Vulnerable Configurations

Part	Description	Count
Application	Sam2P_Project Sam2P Project Sam2P 0.49.4	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1463.NASL
description	Various vulnerabilities leading to denial of service or possible unspecified other impacts were discovered in sam2p, an utility to convert raster images to EPS, PDF, and other formats. CVE-2018-12578 A heap-buffer-overflow in bmp_compress1_row. Thanks to Peter Szabo for providing a fix. CVE-2018-12601 A heap-buffer-overflow in function ReadImage, in file input-tga.ci. Thanks to Peter Szabo for providing a fix. For Debian 8
last seen	2020-06-01
modified	2020-06-02
plugin id	111651
published	2018-08-13
reporter	This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/111651
title	Debian DLA-1463-1 : sam2p security update

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References