Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626498 (CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734) - <media-libs/ming-0.20181112: Multiple vulnerabilities (CVE-2017-{11734,11733,11732, 11731, 11730, 11729, 11728})
Summary: <media-libs/ming-0.20181112: Multiple vulnerabilities (CVE-2017-{11734,11733,...
Status: RESOLVED FIXED
Alias: CVE-2017-11728, CVE-2017-11729, CVE-2017-11730, CVE-2017-11731, CVE-2017-11732, CVE-2017-11733, CVE-2017-11734
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on: CVE-2018-5251, CVE-2018-5294, CVE-2018-6315, CVE-2018-6358, CVE-2018-6359
Blocks:
  Show dependency tree
 
Reported: 2017-07-29 06:27 UTC by Aleksandr Wagner (Kivak)
Modified: 2019-04-24 23:58 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aleksandr Wagner (Kivak) 2017-07-29 06:27:22 UTC
CVE-2017-11734 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11734):

A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in_24.html
https://github.com/libming/libming/issues/83

CVE-2017-11733 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11733):

A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingnull-pointer-dereference-in.html
https://github.com/libming/libming/issues/78

CVE-2017-11732 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11732):

A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-dcputs.html
https://github.com/libming/libming/issues/80

CVE-2017-11731 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11731):

An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libminginvalid-memory-read-in-opcode.html
https://github.com/libming/libming/issues/84

CVE-2017-11730 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11730):

A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode_24.html
https://github.com/libming/libming/issues/81

CVE-2017-11729 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11729):

A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode.html
https://github.com/libming/libming/issues/79

CVE-2017-11728 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11728):

A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. 

References:

http://somevulnsofadlab.blogspot.ca/2017/07/libmingheap-buffer-overflow-in-opcode_32.html
https://github.com/libming/libming/issues/82
Comment 1 Agostino Sarubbo gentoo-dev 2017-07-29 10:27:20 UTC
B2 because of the heap-overflow write
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-04-05 01:07:55 UTC
All are fixed in master.  Snapshot release covers all.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2019-04-24 23:58:27 UTC
This issue was resolved and addressed in
 GLSA 201904-24 at https://security.gentoo.org/glsa/201904-24
by GLSA coordinator Aaron Bauman (b-man).