Summary: | <media-libs/ming-0.4.8-r1: heap overflow write (CVE-2017-7578) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/libming/libming/issues/68 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 614010 |
Description
Agostino Sarubbo
![]() Ago.. can you please modify your scripts to copy and paste a portion of your blogs or the cove text. You can not expect every developer to jump to your blogs to see every bug. This issues are related to #58. The Libming utility listswf crashes due to a heap-based buffer overflow in the function parseSWF_RGBA and several other functions in parser.c. AddressSanitizer flags them as invalid writes "of size 1" but the heap can be actually be written to multiple times (e.g., in each line of parser.c:58-71). The overflows are caused by a pointer behind the bounds of a statically allocated array of structs of type SWF_GRADIENTRECORD. 0.4.8 is out. GLSA Vote: No |