{"id":"MGASA-2020-0032","summary":"Updated ming packages fix security vulnerabilities","details":"The updated packages fix security vulnerabilities:\n\nA NULL pointer dereference was discovered in newVar3 in util/decompile.c\nin libming 0.4.8. The vulnerability causes a segmentation fault and\napplication crash, which leads to denial of service. (CVE-2018-7866)\n\nThere is a heap-based buffer overflow in the getString function of\nutil/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input\nwill lead to a denial of service attack. (CVE-2018-7873)\n\nIn libming 0.4.8, a memory exhaustion vulnerability was found in the\nfunction parseSWF_ACTIONRECORD in util/parser.c, which allows remote\nattackers to cause a denial of service via a crafted file.\n(CVE-2018-7876)\n\nIn libming 0.4.8, there is a use-after-free in the decompileJUMP function\nof the decompile.c file. (CVE-2018-9009)\n\nlibming 0.4.8 has a NULL pointer dereference in the getInt function of the\ndecompile.c file. Remote attackers could leverage this vulnerability to\ncause a denial of service via a crafted swf file. (CVE-2018-9132)\n","modified":"2026-04-16T04:42:53.382894840Z","published":"2020-01-11T23:52:04Z","upstream":["CVE-2018-7866","CVE-2018-7873","CVE-2018-7876","CVE-2018-9009","CVE-2018-9132"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0032.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25957"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LBFCINUX3XXAPPH77OH6NKACBPFBQXXW/"}],"affected":[{"package":{"name":"ming","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/ming?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.4.9-0.git20181112.2.1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0032.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}