CVE-2018-12601 - Out-of-bounds Write vulnerability in multiple products

CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
Tags: network, low complexity, sam2p-project, debian, CWE-787, critical, nessus

Summary

There is a heap-based buffer overflow in ReadImage in input-tga.ci in sam2p 0.49.4 that leads to a denial of service or possibly unspecified other impact.

Vulnerable Configurations

Part         Description    Count
Application  Sam2P_Project  1
OS           Debian         1

Common Weakness Enumeration (CWE)

Nessus

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DLA-1463.NASL
description: Various vulnerabilities leading to denial of service or possible unspecified other impacts were discovered in sam2p, a utility to convert raster images to EPS, PDF, and other formats. CVE-2018-12578 A heap-buffer-overflow in bmp_compress1_row. Thanks to Peter Szabo for providing a fix. CVE-2018-12601 A heap-buffer-overflow in function ReadImage, in file input-tga.ci. Thanks to Peter Szabo for providing a fix. For Debian 8
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 111651
published: 2018-08-13
reporter: This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/111651
title: Debian DLA-1463-1 : sam2p security update