Vulnerabilities > CVE-2018-7554 - Use After Free vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sam2p-project

debian

CWE-416

critical

nessus

NVD

Published: 2018-02-28

Updated: 2019-03-01

Summary

There is an invalid free in ReadImage in input-bmp.ci that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.

Vulnerable Configurations

Part	Description	Count
Application	Sam2P_Project Sam2P Project Sam2P 0.49.4	1
OS	Debian Debian Debian Linux 7.0	1

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Nessus

NASL family	Debian Local Security Checks
NASL id	DEBIAN_DLA-1340.NASL
description	Multiple invalid frees and buffer-overflow vulnerabilities were discovered in sam2p, a utility to convert raster images and other image formats, that may lead to a denial of service (application crash) or unspecified other impact. For Debian 7
last seen	2020-03-17
modified	2018-04-10
plugin id	108901
published	2018-04-10
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/108901
title	Debian DLA-1340-1 : sam2p security update

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References