CVE-2018-7877 (https://nvd.nist.gov/vuln/detail/CVE-2018-7877):
  There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

CVE-2018-7876 (https://nvd.nist.gov/vuln/detail/CVE-2018-7876):
  In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.

CVE-2018-7875 (https://nvd.nist.gov/vuln/detail/CVE-2018-7875):
  There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

CVE-2018-7874 (https://nvd.nist.gov/vuln/detail/CVE-2018-7874):
  An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-7873 (https://nvd.nist.gov/vuln/detail/CVE-2018-7873):
  There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.

CVE-2018-7872 (https://nvd.nist.gov/vuln/detail/CVE-2018-7872):
  An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-7871 (https://nvd.nist.gov/vuln/detail/CVE-2018-7871):
  There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.

CVE-2018-7870 (https://nvd.nist.gov/vuln/detail/CVE-2018-7870):
  An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

CVE-2018-7869 (https://nvd.nist.gov/vuln/detail/CVE-2018-7869):
  There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack.

CVE-2018-7868 (https://nvd.nist.gov/vuln/detail/CVE-2018-7868):
  There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

CVE-2018-7867 (https://nvd.nist.gov/vuln/detail/CVE-2018-7867):
  There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.

CVE-2018-7866 (https://nvd.nist.gov/vuln/detail/CVE-2018-7866):
  A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2018-7877 (https://nvd.nist.gov/vuln/detail/CVE-2018-7877):
>   There is a heap-based buffer overflow in the getString function of
>   util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will
>   lead to a denial of service attack.

Not fixed yet.

> CVE-2018-7876 (https://nvd.nist.gov/vuln/detail/CVE-2018-7876):
>   In libming 0.4.8, a memory exhaustion vulnerability was found in the
>   function parseSWF_ACTIONRECORD in util/parser.c, which allows remote
>   attackers to cause a denial of service via a crafted file.

Not fixed yet.

> CVE-2018-7873 (https://nvd.nist.gov/vuln/detail/CVE-2018-7873):
>   There is a heap-based buffer overflow in the getString function of
>   util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will
>   lead to a denial of service attack.

not fixed yet.

> CVE-2018-7869 (https://nvd.nist.gov/vuln/detail/CVE-2018-7869):
>   There is a memory leak triggered in the function dcinit of util/decompile.c
>   in libming 0.4.8, which will lead to a denial of service attack.

Not fixed yet.

> CVE-2018-7866 (https://nvd.nist.gov/vuln/detail/CVE-2018-7866):
>   A NULL pointer dereference was discovered in newVar3 in util/decompile.c in
>   libming 0.4.8. The vulnerability causes a segmentation fault and
>   application crash, which leads to denial of service.

anddd not fixed yet.

All others are fixed in media-libs/ming-0.20181112

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f85984054ed9f49d7245234ee6aa9e737607f148

commit f85984054ed9f49d7245234ee6aa9e737607f148
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-08-04 19:29:04 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-08-04 19:29:04 +0000

    profiles/package.mask: add media-libs/ming

    Bug: https://bugs.gentoo.org/626412
    Bug: https://bugs.gentoo.org/650006
    Bug: https://bugs.gentoo.org/651574
    Bug: https://bugs.gentoo.org/661152
    Bug: https://bugs.gentoo.org/678804
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 profiles/package.mask | 5 +++++
 1 file changed, 5 insertions(+)

The package has been removed.