Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 516
Alerts This Week
Warning Icon 1 516

Debian 7: DLA-1343-1 Critical: Ming Buffer Overflow DoS Fix

debian lts
Calendar Grey April 9, 2018
Dist Debian Esm H88
Enhance ming to address several critical flaws, such as memory overflow and service interruption vulnerabilities.
Multiple vulnerabilities have been discovered in Ming: CVE-2018-6358

Summary

Heap-based buffer overflow vulnerability in the printDefineFont2 function
(util/listfdb.c). Remote attackers might leverage this vulnerability to
cause a denial of service via a crafted swf file.

CVE-2018-7867

Heap-based buffer overflow vulnerability in the getString function
(util/decompile.c) during a RegisterNumber sprintf. Remote attackers might
leverage this vulnerability to cause a denial of service via a crafted swf
file.

CVE-2018-7868

Heap-based buffer over-read vulnerability in the getName function
(util/decompile.c) for CONSTANT8 data. Remote attackers might leverage this
vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-7870

Invalid memory address dereference in the getString function
(util/decompile.c) for CONSTANT16 data. Remote attackers might leverage this
vulnerability to cause a denial of service via a crafted swf file.

CVE-2018-7871

Heap-based buffer over-read vulnerability in the getName function

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: ming
Version: 0.4.4-1.1+deb7u8
CVE ID: CVE-2018-6358 CVE-2018-7867 CVE-2018-7868 CVE-2018-7870

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.