Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 614494 (CVE-2017-7578) - <media-libs/ming-0.4.8-r1: heap overflow write (CVE-2017-7578)
Summary: <media-libs/ming-0.4.8-r1: heap overflow write (CVE-2017-7578)
Status: RESOLVED FIXED
Alias: CVE-2017-7578
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/libming/libming/is...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks: CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831
  Show dependency tree
 
Reported: 2017-04-02 08:16 UTC by Agostino Sarubbo
Modified: 2017-10-08 20:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2017-04-02 08:16:34 UTC 
Details at $URL.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2017-04-02 12:47:55 UTC 
Ago.. can you please modify your scripts to copy and paste a portion of your blogs or the cove text. You can not expect every developer to jump to your blogs to see every bug.
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2017-04-02 12:52:11 UTC 
This issues are related to #58. The Libming utility listswf crashes due to a heap-based buffer overflow in the function parseSWF_RGBA and several other functions in parser.c. AddressSanitizer flags them as invalid writes "of size 1" but the heap can be actually be written to multiple times (e.g., in each line of parser.c:58-71). The overflows are caused by a pointer behind the bounds of a statically allocated array of structs of type SWF_GRADIENTRECORD.
Comment 3 Agostino Sarubbo gentoo-dev 2017-04-07 08:14:55 UTC 
0.4.8 is out.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2017-10-08 20:13:40 UTC 
GLSA Vote: No