Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC

Bug 626498 (CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734)

Summary: <media-libs/ming-0.20181112: Multiple vulnerabilities (CVE-2017-{11734,11733,11732, 11731, 11730, 11729, 11728})
Product: Gentoo Security Reporter: Aleksandr Wagner (Kivak) <alwag>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: graphics+disabled
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 646770    
Bug Blocks:    

Description Aleksandr Wagner (Kivak) 2017-07-29 06:27:22 UTC
CVE-2017-11734 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11734):

A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in_24.html
https://github.com/libming/libming/issues/83

CVE-2017-11733 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11733):

A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingnull-pointer-dereference-in.html
https://github.com/libming/libming/issues/78

CVE-2017-11732 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11732):

A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-dcputs.html
https://github.com/libming/libming/issues/80

CVE-2017-11731 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11731):

An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libminginvalid-memory-read-in-opcode.html
https://github.com/libming/libming/issues/84

CVE-2017-11730 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11730):

A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode_24.html
https://github.com/libming/libming/issues/81

CVE-2017-11729 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11729):

A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode.html
https://github.com/libming/libming/issues/79

CVE-2017-11728 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11728):

A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode_32.html
https://github.com/libming/libming/issues/82
Comment 1 Agostino Sarubbo gentoo-dev 2017-07-29 10:27:20 UTC
B2 because of the heap-overflow write
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2019-04-05 01:07:55 UTC
All are fixed in master.  Snapshot release covers all.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2019-04-24 23:58:27 UTC
This issue was resolved and addressed in
 GLSA 201904-24 at https://security.gentoo.org/glsa/201904-24
by GLSA coordinator Aaron Bauman (b-man).