Advancecomp · Advancecomp · CVE-2019-9210
**Name of the Vulnerable Software and Affected Versions**
AdvanceCOMP version 2.1
**Description**
The issue is caused by an integer overflow in the `png_compress` function in `pngex.cc` of the AdvanceCOMP utility. The overflow occurs when the function encounters an invalid PNG size, leading to an attempted `memcpy` into a buffer that is too small. Additionally, there is a heap-based buffer over-read. Exploitation of this issue could allow an attacker to execute arbitrary code.
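The bug class described above, as an added illustration that is not taken from AdvanceCOMP's source: a buffer size derived from header dimensions in 32-bit arithmetic wraps to a small value, while a checked calculation rejects the same input. The function names, the row layout (one filter byte per row), and the 1 GiB cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; a model of the bug class, not AdvanceCOMP code. */

/* Unchecked: 32-bit arithmetic wraps silently on oversized dimensions. */
uint32_t image_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    /* +1 per row models the PNG filter-type byte */
    return (uint32_t)((width * bpp + 1u) * height);
}

/* Checked: 0 on success with *out set; -1 if the dimensions are zero,
 * the product overflows, or the result exceeds max_bytes. */
int image_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                       size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    /* (2^32-1)^2 + 1 fits in 64 bits, so the row size cannot wrap here */
    uint64_t row = (uint64_t)width * bpp + 1u;
    if (row > max_bytes || height > max_bytes / row)
        return -1;
    *out = (size_t)(row * height);
    return 0;
}

int main(void)
{
    /* Constructed header values: 65536 x 65536 pixels, 4 bytes per pixel */
    uint32_t w = 0x10000, h = 0x10000, bpp = 4;
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)image_size_unchecked(w, h, bpp));
    if (image_size_checked(w, h, bpp, (size_t)1 << 30, &n) != 0)
        printf("checked: rejected invalid PNG size\n");
    if (image_size_checked(640, 480, 3, (size_t)1 << 30, &n) == 0)
        printf("checked 640x480x3: %zu bytes\n", n);
    return 0;
}
```

With the constructed dimensions, the unchecked form yields a 65536-byte allocation for an image that actually needs about 16 GiB, which is the mismatch that lets a later `memcpy` run past the buffer.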
**Recommendations**
For AdvanceCOMP version 2.1, consider disabling the `png_compress` function in `pngex.cc` until a patch is available to prevent potential exploitation. Restrict the use of the affected `advpng` utility to minimize risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.