https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c/
https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-listmp3-c
https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c
CVE ID: CVE-2016-9264
Summary: Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
Published: 2017-03-23T18:59:00.000Z

CVE ID: CVE-2016-9265
Summary: The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
Published: 2017-03-23T18:59:00.000Z

CVE ID: CVE-2016-9266
Summary: listmp3.c in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted mp3 file, which triggers an invalid left shift.
Published: 2017-03-23T18:59:00.000Z

CVE ID: CVE-2016-9829
Summary: Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
Published: 2017-02-17T02:59:14.000Z

CVE ID: CVE-2016-9831
Summary: Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
Published: 2017-02-17T02:59:14.000Z

CVE ID: CVE-2016-9827
Summary: The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.
Published: 2017-02-17T02:59:14.000Z

CVE ID: CVE-2016-9828
Summary: The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.
Published: 2017-02-17T02:59:14.000Z
0.4.8 is out.
Now in repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=684258c25ffea84662af8c51fa1c61e90de04b5d

@ Arches, please test and mark stable: =media-libs/ming-0.4.8
@ Arches, we bumped the package to -r1 to include patch for CVE-2017-8782 (bug 620318). So please proceed with stabilization of =media-libs/ming-0.4.8-r1
amd64 stable
x86 stable
arm stable
ia64 stable
alpha stable
sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
ppc stable
ppc/ppc64 stable
hppa stable
sparc stable (thanks to Rolf Eike Beer)
GLSA Vote: No