Debian 7: DLA-890-1 Critical: Ming Buffer Overflow Advisory
debian lts
April 10, 2017
It was discovered that there were multiple heap-based buffer overflows in ming, a library to generate SWF (Flash) files
Topics Covered
Summary
The updated packages prevent a crash in the "listswf" utility due to a
heap-based buffer overflow in the parseSWF_RGBA function and several other
functions in parser.c.
AddressSanitizer flagged them as invalid writes "of size 1" but the heap could
be written to multiple times. The overflows are caused by a pointer behind the
bounds of a statically allocated array of structs of type SWF_GRADIENTRECORD.
For Debian 7 "Wheezy", this issue has been fixed in ming version
1:0.4.4-1.1+deb7u2.
We recommend that you upgrade your ming packages.
Regards,
- --
,'`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: ming
Version: 1:0.4.4-1.1+deb7u2
CVE ID: CVE-2017-7578
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!