Bug 620318 (CVE-2017-8782) - <media-libs/ming-0.4.8-r1: Integer overflow in the readString function
Summary: <media-libs/ming-0.4.8-r1: Integer overflow in the readString function
Alias: CVE-2017-8782
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Depends on: CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831
Reported: 2017-06-01 08:13 UTC by Agostino Sarubbo
Modified: 2018-01-20 23:48 UTC

Description Agostino Sarubbo gentoo-dev 2017-06-01 08:13:36 UTC
From ${URL} :

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-04 15:39:07 UTC

Stabilization will happen as part of bug 614010.
Comment 3 Agostino Sarubbo gentoo-dev 2017-06-07 06:41:48 UTC
the patch looks to be incomplete:
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2017-10-08 20:16:58 UTC
@maintainers, please clean vulnerable =media-libs/ming-0.4.7.

GLSA Vote: No