614010 – (CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831) <media-libs/ming-0.4.8-r1: multiple vulnerabilities

Bug 614010 (CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831) - <media-libs/ming-0.4.8-r1: multiple vulnerabilities

Summary: <media-libs/ming-0.4.8-r1: multiple vulnerabilities

Status:	RESOLVED FIXED

Alias:	CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:	CVE-2017-7578
Blocks:	CVE-2017-8782
	Show dependency tree

Reported:	2017-03-27 09:07 UTC by Agostino Sarubbo
Modified:	2017-10-08 20:12 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	media-libs/ming-0.4.8-r1
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2017-03-27 09:07:47 UTC

https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c/
https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-listmp3-c
https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c

Comment 1 Yury German Gentoo Infrastructure

2017-03-29 07:23:04 UTC

    CVE ID: CVE-2016-9264
   Summary: Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.
 Published: 2017-03-23T18:59:00.000Z

    CVE ID: CVE-2016-9265
   Summary: The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.
 Published: 2017-03-23T18:59:00.000Z

    CVE ID: CVE-2016-9266
   Summary: listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift.
 Published: 2017-03-23T18:59:00.000Z

    CVE ID: CVE-2016-9829
   Summary: Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
 Published: 2017-02-17T02:59:14.000Z

    CVE ID: CVE-2016-9831
   Summary: Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.
 Published: 2017-02-17T02:59:14.000Z

    CVE ID: CVE-2016-9827
   Summary: The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.
 Published: 2017-02-17T02:59:14.000Z

    CVE ID: CVE-2016-9828
   Summary: The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.
 Published: 2017-02-17T02:59:14.000Z

Comment 2 Agostino Sarubbo gentoo-dev

2017-04-07 08:15:13 UTC

0.4.8 is out.

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-04 12:29:56 UTC

Now in repository via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=684258c25ffea84662af8c51fa1c61e90de04b5d


@ Arches,

please test and mark stable: =media-libs/ming-0.4.8

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-04 15:40:55 UTC

@ Arches,

we bumped the package to -r1 to include patch for CVE-2017-8782 (bug 620318).
So please proceed with stabilization of =media-libs/ming-0.4.8-r1

Comment 5 Agostino Sarubbo gentoo-dev

2017-06-04 16:27:28 UTC

amd64 stable

Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev

2017-06-05 14:31:13 UTC

x86 stable

Comment 7 Markus Meier gentoo-dev

2017-06-08 05:05:58 UTC

arm stable

Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev

2017-06-17 15:31:01 UTC

ia64 stable

Comment 9 Matt Turner gentoo-dev

2017-08-31 15:21:29 UTC

alpha stable

Comment 10 Aaron Bauman (RETIRED) gentoo-dev

2017-09-10 22:17:14 UTC

sparc was dropped to exp.

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9

Comment 11 Sergei Trofimovich (RETIRED) gentoo-dev

2017-09-25 21:51:45 UTC

ppc stable

Comment 12 Sergei Trofimovich (RETIRED) gentoo-dev

2017-09-26 08:58:42 UTC

ppc/ppc64 stable

Comment 13 Sergei Trofimovich (RETIRED) gentoo-dev

2017-09-26 21:24:36 UTC

hppa stable

Comment 14 Sergei Trofimovich (RETIRED) gentoo-dev

2017-10-05 13:19:44 UTC

sparc stable (thanks to Rolf Eike Beer)

Comment 15 Aaron Bauman (RETIRED) gentoo-dev

2017-10-08 20:12:50 UTC

GLSA Vote: No