Summary: | media-libs/ming: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/libming/libming/blob/master/NEWS | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2018-03-09 15:06:46 UTC
(In reply to GLSAMaker/CVETool Bot from comment #0) > CVE-2018-7877 (https://nvd.nist.gov/vuln/detail/CVE-2018-7877): > There is a heap-based buffer overflow in the getString function of > util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will > lead > to a denial of service attack. > Not fixed yet. > CVE-2018-7876 (https://nvd.nist.gov/vuln/detail/CVE-2018-7876): > In libming 0.4.8, a memory exhaustion vulnerability was found in the > function parseSWF_ACTIONRECORD in util/parser.c, which allows remote > attackers to cause a denial of service via a crafted file. Not fixed yet. > CVE-2018-7873 (https://nvd.nist.gov/vuln/detail/CVE-2018-7873): > There is a heap-based buffer overflow in the getString function of > util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will > lead to a denial of service attack. not fixed yet. > CVE-2018-7869 (https://nvd.nist.gov/vuln/detail/CVE-2018-7869): > There is a memory leak triggered in the function dcinit of util/decompile.c > in libming 0.4.8, which will lead to a denial of service attack. > Not fixed yet. > CVE-2018-7866 (https://nvd.nist.gov/vuln/detail/CVE-2018-7866): > A NULL pointer dereference was discovered in newVar3 in util/decompile.c in > libming 0.4.8. The vulnerability causes a segmentation fault and > application > crash, which leads to denial of service. anddd not fixed yet. All others are fixed in media-libs/ming-0.20181112 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f85984054ed9f49d7245234ee6aa9e737607f148 commit f85984054ed9f49d7245234ee6aa9e737607f148 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2019-08-04 19:29:04 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2019-08-04 19:29:04 +0000 profiles/package.mask: add media-libs/ming Bug: https://bugs.gentoo.org/626412 Bug: https://bugs.gentoo.org/650006 Bug: https://bugs.gentoo.org/651574 Bug: https://bugs.gentoo.org/661152 Bug: https://bugs.gentoo.org/678804 Signed-off-by: Aaron Bauman <bman@gentoo.org> profiles/package.mask | 5 +++++ 1 file changed, 5 insertions(+) The package has been removed. |