{"id":"MGASA-2018-0212","summary":"Updated ming packages fix security vulnerabilities","details":"The readString function in util/read.c and util/old/read.c in libming\n0.4.8 allows remote attackers to cause a denial of service via a large\nfile that is mishandled by listswf, listaction, etc. This occurs\nbecause of an integer overflow that leads to a memory allocation error.\n(CVE-2017-8782)\n\nThe readEncUInt30 function in util/read.c in libming 0.4.8 mishandles\nmemory allocation. A crafted input will lead to a remote denial of\nservice (NULL pointer dereference) attack against parser.c.\n(CVE-2017-9988)\n\nutil/outputtxt.c in libming 0.4.8 mishandles memory allocation. A\ncrafted input will lead to a remote denial of service (NULL pointer\ndereference) attack. (CVE-2017-9989)\n\nA heap-based buffer over-read was found in the function decompileIF in\nutil/decompile.c in Ming 0.4.8, which allows attackers to cause a denial\nof service via a crafted file. (CVE-2017-11704)\n\nA heap-based buffer over-read was found in the function OpCode (called\nfrom decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows\nattackers to cause a denial of service via a crafted file.\n(CVE-2017-11728)\n\nA heap-based buffer over-read was found in the function OpCode (called\nfrom decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8,\nwhich allows attackers to cause a denial of service via a crafted file.\n(CVE-2017-11729)\n\nA heap-based buffer over-read was found in the function OpCode (called\nfrom decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8,\nwhich allows attackers to cause a denial of service via a crafted file.\n(CVE-2017-11730)\n\nAn invalid memory read vulnerability was found in the function OpCode\n(called from isLogicalOp and decompileIF) in util/decompile.c in Ming\n0.4.8, which allows attackers to cause a denial of service via a crafted\nfile. (CVE-2017-11731)\n\nA heap-based buffer overflow vulnerability was found in the function\ndcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming\n0.4.8, which allows attackers to cause a denial of service via a\ncrafted file. (CVE-2017-11732)\n\nA null pointer dereference vulnerability was found in the function\nstackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming\n0.4.8, which allows attackers to cause a denial of service via a crafted\nfile. (CVE-2017-11733)\n\nA heap-based buffer over-read was found in the function\ndecompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows\nattackers to cause a denial of service via a crafted file.\n(CVE-2017-11734)\n\nThe outputSWF_TEXT_RECORD function in util/outputscript.c in libming \u003c=\n0.4.8 is vulnerable to a NULL pointer dereference, which may allow\nattackers to cause a denial of service via a crafted swf file.\n(CVE-2017-16883)\n\nThe printMP3Headers function in util/listmp3.c in libming v0.4.8 or\nearlier is vulnerable to a global buffer overflow, which may allow\nattackers to cause a denial of service via a crafted file, a different\nvulnerability than CVE-2016-9264. (CVE-2017-16898)\n\nIn libming 0.4.8, there is an integer signedness error vulnerability\n(left shift of a negative value) in the readSBits function\n(util/read.c). Remote attackers can leverage this vulnerability to\ncause a denial of service via a crafted swf file. (CVE-2018-5251)\n\nIn libming 0.4.8, there is an integer overflow (caused by an\nout-of-range left shift) in the readUInt32 function (util/read.c).\nRemote attackers could leverage this vulnerability to cause a\ndenial-of-service via a crafted swf file. (CVE-2018-5294)\n\nThe outputSWF_TEXT_RECORD function (util/outputscript.c) in libming\nthrough 0.4.8 is vulnerable to an integer overflow and resultant\nout-of-bounds read, which may allow attackers to cause a denial of\nservice or unspecified other impact via a crafted SWF file.\n(CVE-2018-6315)\n\nThe decompileIF function (util/decompile.c) in libming through 0.4.8\nis vulnerable to a use-after-free, which may allow attackers to cause a\ndenial of service or unspecified other impact via a crafted SWF file.\n(CVE-2018-6359)\n","modified":"2026-02-04T03:15:57.337325Z","published":"2018-04-30T19:08:07Z","related":["CVE-2017-11704","CVE-2017-11728","CVE-2017-11729","CVE-2017-11730","CVE-2017-11731","CVE-2017-11732","CVE-2017-11733","CVE-2017-11734","CVE-2017-16883","CVE-2017-16898","CVE-2017-8782","CVE-2017-9988","CVE-2017-9989","CVE-2018-5251","CVE-2018-5294","CVE-2018-6315","CVE-2018-6359"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0212.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22815"}],"affected":[{"package":{"name":"ming","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/ming?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.5-14.1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0212.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}