Debian 7 Wheezy DLA-995-1: Critical DoS Vulnerability in Swftools
debian lts
June 20, 2017
CVE-2017-8400 In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755
Topics Covered
Summary
CVE-2017-8401
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in
the function png_load() in lib/png.c:724. This issue can be triggered
by a malformed PNG file that is mishandled by png2swf.
Attackers could exploit this issue for DoS.
For Debian 7 "Wheezy", these problems have been fixed in version
0.9.2+ds1-3+deb7u1.
We recommend that you upgrade your swftools packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: swftools
Version: 0.9.2+ds1-3+deb7u1
CVE ID: CVE-2017-8400 CVE-2017-8401
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!