Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 555
Alerts This Week
Warning Icon 1 555

Ubuntu 16.04 Xenial: USN-3559-1 High: PHP7 Denial Of Service Vulnerability

debian lts
Calendar Grey March 11, 2018
Dist Debian Esm H88
Several security issues identified in ming; users of Debian 7 Wheezy should consider upgrading to reduce potential threats.
Multiple vulnerabilities have been discovered in Ming: CVE-2018-5251

Summary

Integer signedness error vulnerability (left shift of a negative value) in
the readSBits function (util/read.c). Remote attackers can leverage this
vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-5294

Integer overflow vulnerability (caused by an out-of-range left shift) in
the readUInt32 function (util/read.c). Remote attackers could leverage this
vulnerability to cause a denial-of-service via a crafted swf file.

CVE-2018-6315

Integer overflow and resultant out-of-bounds read in the
outputSWF_TEXT_RECORD function (util/outputscript.c). Remote attackers could leverage this vulnerability to cause a denial of service or
unspecified other impact via a crafted SWF file.

CVE-2018-6359

Use-after-free vulnerability in the decompileIF function
(util/decompile.c). Remote attackers could leverage this vulnerability to
cause a denial of service or unspecified other impact via a crafted SWF
file.

Read the Full Advisory


Package: ming
Version: 0.4.4-1.1+deb7u7
CVE ID: CVE-2018-5251 CVE-2018-5294 CVE-2018-6315 CVE-2018-6359

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.