620318 – (CVE-2017-8782) <media-libs/ming-0.4.8-r1: Integer overflow in the readString function

Bug 620318 (CVE-2017-8782) - <media-libs/ming-0.4.8-r1: Integer overflow in the readString function

Summary: <media-libs/ming-0.4.8-r1: Integer overflow in the readString function

Status:	RESOLVED FIXED

Alias:	CVE-2017-8782

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:	CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831
Blocks:
	Show dependency tree

Reported:	2017-06-01 08:13 UTC by Agostino Sarubbo
Modified:	2018-01-20 23:48 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2017-06-01 08:13:36 UTC

From ${URL} :

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs 
because of an integer overflow that leads to a memory allocation error.

References:

http://seclists.org/fulldisclosure/2017/May/106


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

Comment 1 Agostino Sarubbo gentoo-dev

2017-06-02 10:40:17 UTC

https://github.com/libming/libming/commit/6eca133ee9985c298186cbe05f888082c30bf2d9

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-04 15:39:07 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=85ec0fe12f825538a27506b28f9c5368e6a942d9

Stabilization will happen as part of bug 614010.

Comment 3 Agostino Sarubbo gentoo-dev

2017-06-07 06:41:48 UTC

the patch looks to be incomplete:

https://github.com/libming/libming/commit/befb7439c2cf4768bcca09651d6325e8f078e992

Comment 4 Aaron Bauman (RETIRED) gentoo-dev

2017-10-08 20:16:58 UTC

@maintainers, please clean vulnerable =media-libs/ming-0.4.7.

GLSA Vote: No

Comment 5 Aaron Bauman (RETIRED) gentoo-dev

2018-01-20 23:48:56 UTC

Tree is clean:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98b0a157384de0841eae9f36be08122ffd31a3cd