Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 646770 (CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6358, CVE-2018-6359)

Summary: <media-libs/ming-0.20181112: Multiple vulnerabilities
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: graphics+disabled
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/libming/libming/issues/105#
Whiteboard: B3 [glsa+ cve]
Package list:
=media-libs/ming-0.20181112
 Runtime testing required: Yes
Bug Depends on:    
Bug Blocks: 624712, 626498    

Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-06 14:44:48 UTC 
CVE-2018-6359 (https://nvd.nist.gov/vuln/detail/CVE-2018-6359):
  The decompileIF function (util/decompile.c) in libming through 0.4.8 is
  vulnerable to a use-after-free, which may allow attackers to cause a denial
  of service or unspecified other impact via a crafted SWF file.

CVE-2018-6358 (https://nvd.nist.gov/vuln/detail/CVE-2018-6358):
  The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is
  vulnerable to a heap-based buffer overflow, which may allow attackers to
  cause a denial of service or unspecified other impact via a crafted FDB
  file.

CVE-2018-6315 (https://nvd.nist.gov/vuln/detail/CVE-2018-6315):
  The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through
  0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read,
  which may allow attackers to cause a denial of service or unspecified other
  impact via a crafted SWF file.

CVE-2018-5294 (https://nvd.nist.gov/vuln/detail/CVE-2018-5294):
  In libming 0.4.8, there is an integer overflow (caused by an out-of-range
  left shift) in the readUInt32 function (util/read.c). Remote attackers could
  leverage this vulnerability to cause a denial-of-service via a crafted swf
  file.

CVE-2018-5251 (https://nvd.nist.gov/vuln/detail/CVE-2018-5251):
  In libming 0.4.8, there is an integer signedness error vulnerability (left
  shift of a negative value) in the readSBits function (util/read.c). Remote
  attackers can leverage this vulnerability to cause a denial of service via a
  crafted swf file.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-04-05 01:10:12 UTC 
All are fixed in master.  Snapshot release covers all.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-04-05 01:30:52 UTC 
@arches, please stabilize.
Comment 3 Agostino Sarubbo gentoo-dev 2019-04-05 20:47:24 UTC 
amd64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2019-04-07 21:37:36 UTC 
hppa stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2019-04-07 21:42:53 UTC 
ia64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2019-04-07 21:49:02 UTC 
ppc64 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2019-04-08 06:08:54 UTC 
ppc stable
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2019-04-10 17:05:46 UTC 
x86 stable
Comment 9 Rolf Eike Beer archtester 2019-04-11 19:43:35 UTC 
sparc stable
Comment 10 Yury German Gentoo Infrastructure gentoo-dev 2019-04-19 01:47:53 UTC 
arm / alpha please complete stabilization.
New GLSA Request filed.
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-20 17:57:07 UTC 
alpha stable
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-20 18:40:32 UTC 
arm stable
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2019-04-21 01:49:16 UTC 
tree is clean
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2019-04-24 23:58:35 UTC 
This issue was resolved and addressed in
 GLSA 201904-24 at https://security.gentoo.org/glsa/201904-24
by GLSA coordinator Aaron Bauman (b-man).