Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 620
Alerts This Week
Warning Icon 1 620

Debian 7 Wheezy DLA-1386-1 Critical Ming Buffer Overflow Threats

debian lts
Calendar Grey May 26, 2018
Dist Debian Esm H88
Enhance your ming package to address several security flaws and mitigate denial of service threats.
Multiple vulnerabilities have been discovered in Ming: CVE-2018-7866

Summary

NULL pointer dereference in the newVar3 function (util/decompile.c).
Remote attackers might leverage this vulnerability to cause a denial
of service via a crafted swf file.

CVE-2018-7873

Heap-based buffer overflow vulnerability in the getString function
(util/decompile.c). Remote attackers might leverage this vulnerability
to cause a denial of service via a crafted swf file.

CVE-2018-7876

Integer overflow and resulting memory exhaustion in the
parseSWF_ACTIONRECORD function (util/parser.c). Remote attackers might
leverage this vulnerability to cause a denial of service via a crafted
swf file.

CVE-2018-9009

Various heap-based buffer overflow vulnerabilites in util/decompiler.c.
Remote attackers might leverage this vulnerability to cause a denial of
service via a crafted swf file.

CVE-2018-9132

NULL pointer dereference in the getInt function (util/decompile.c).
Remote attackers might leverage this vulnerability to cause a denial

Read the Full Advisory


Severity
critical
Lowest
Low
Medium
High
Critical

Package: ming
Version: 1:0.4.4-1.1+deb7u9
CVE ID: CVE-2018-7866 CVE-2018-7873 CVE-2018-7876 CVE-2018-9009

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.