Summary: | media-gfx/swftools: Multiple vulnerabilities (CVE-2017-{16796,16797,6711,6793,6794}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | dblaci, maintainer-needed, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 650888 | ||
Bug Blocks: |
Description
GLSAMaker/CVETool Bot
2017-11-11 20:21:26 UTC
@Maintainers could you please confirm if we are affected? If that's the case please let us know when tree is clean. Thank you CVE-2017-16794 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16794): The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf. CVE-2017-16793 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16793): The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file. CVE-2017-16797 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16797): In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file. CVE-2017-16796 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16796): In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b1d6b78e63660d748d81395bb01c5c63d553cf37 commit b1d6b78e63660d748d81395bb01c5c63d553cf37 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2019-03-29 23:49:20 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2019-03-29 23:49:20 +0000 package.mask: Last-rite media-gfx/swftools * Multiple outstanding security vulnerabilities * No upstream releases in years * Maintainers have not patched Bug: https://bugs.gentoo.org/617252 Bug: https://bugs.gentoo.org/635208 Bug: https://bugs.gentoo.org/637172 Bug: https://bugs.gentoo.org/650888 Signed-off-by: Aaron Bauman <bman@gentoo.org> profiles/package.mask | 6 ++++++ 1 file changed, 6 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32edfe461d949f5b809fefe51e0248c2c27f53b4 commit 32edfe461d949f5b809fefe51e0248c2c27f53b4 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-04-28 20:01:03 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-04-28 20:02:33 +0000 media-gfx/swftools: Remove last-rited pkg Bug: https://bugs.gentoo.org/650888 Bug: https://bugs.gentoo.org/637172 Bug: https://bugs.gentoo.org/635208 Bug: https://bugs.gentoo.org/617252 Signed-off-by: Michał Górny <mgorny@gentoo.org> media-gfx/swftools/Manifest | 1 - .../swftools/files/swftools-0.9.2-jpeg-9.patch | 17 ----- .../swftools/files/swftools-0.9.2_general.patch | 28 ------- .../swftools/files/swftools-0.9.2_giflib.patch | 89 ---------------------- .../swftools/files/swftools-0.9.2_giflib5.patch | 26 ------- .../swftools/files/swftools-0.9.2_nopdf.patch | 40 ---------- media-gfx/swftools/metadata.xml | 5 -- media-gfx/swftools/swftools-0.9.2-r1.ebuild | 48 ------------ profiles/package.mask | 6 -- 9 files changed, 260 deletions(-) |