Bug 626498 (CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734)

Summary:	<media-libs/ming-0.20181112: Multiple vulnerabilities (CVE-2017-{11734,11733,11732, 11731, 11730, 11729, 11728})
Product:	Gentoo Security	Reporter:	Aleksandr Wagner (Kivak) <alwag>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	graphics+disabled
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa+ cve]
Package list:		Runtime testing required:	---
Bug Depends on:	646770
Bug Blocks:

Description Aleksandr Wagner (Kivak) 2017-07-29 06:27:22 UTC

CVE-2017-11734 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11734):

A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in_24.html
https://github.com/libming/libming/issues/83

CVE-2017-11733 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11733):

A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingnull-pointer-dereference-in.html
https://github.com/libming/libming/issues/78

CVE-2017-11732 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11732):

A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-dcputs.html
https://github.com/libming/libming/issues/80

CVE-2017-11731 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11731):

An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libminginvalid-memory-read-in-opcode.html
https://github.com/libming/libming/issues/84

CVE-2017-11730 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11730):

A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode_24.html
https://github.com/libming/libming/issues/81

CVE-2017-11729 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11729):

A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode.html
https://github.com/libming/libming/issues/79

CVE-2017-11728 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11728):

A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode_32.html
https://github.com/libming/libming/issues/82

Comment 1 Agostino Sarubbo gentoo-dev

2017-07-29 10:27:20 UTC

B2 because of the heap-overflow write

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2019-04-05 01:07:55 UTC

All are fixed in master.  Snapshot release covers all.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2019-04-24 23:58:27 UTC

This issue was resolved and addressed in
 GLSA 201904-24 at https://security.gentoo.org/glsa/201904-24
by GLSA coordinator Aaron Bauman (b-man).