Mageia: 2019-0137 Critical Update For Libming Denial Of Service
mageia
April 10, 2019
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or uns...
Summary
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is
vulnerable to a heap-based buffer overflow, which may allow attackers to
cause a denial of service or unspecified other impact via a crafted FDB
file. (CVE-2018-6358)
There is a heap-based buffer overflow in the getString function of
util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A
Crafted input will lead to a denial of service attack. (CVE-2018-7867)
There is a heap-based buffer over-read in the getName function of
util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will
lead to a denial of service attack. (CVE-2018-7868)
An invalid memory address dereference was discovered in getString in
util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability
causes a segmentation fault and application crash, which leads to denial
of service. (CVE-2018-7870)
There is a heap-based buffer over-read in the getName function of
util/decompile.c in libming 0.4.8 for CONSTANT...
References
- https://bugs.mageia.org/show_bug.cgi?id=24505
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCVKRTMEAJTXCYXNA53WZFPDF67TN7NC/
- https://www.cve.org/CVERecord?id=CVE-2018-6358
- https://www.cve.org/CVERecord?id=CVE-2018-7867
- https://www.cve.org/CVERecord?id=CVE-2018-7868
- https://www.cve.org/CVERecord?id=CVE-2018-7870
- https://www.cve.org/CVERecord?id=CVE-2018-7871
- https://www.cve.org/CVERecord?id=CVE-2018-7872
- https://www.cve.org/CVERecord?id=CVE-2018-7875
- https://www.cve.org/CVERecord?id=CVE-2018-9165
Topics Covered
Resolution
SRPMS
- 6/core/ming-0.4.9-0.git20181112.1.mga6
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 10 Apr 2019
URL: https://advisories.mageia.org/MGASA-2019-0137.html
Type: security
CVE: CVE-2018-6358,
CVE-2018-7867,
CVE-2018-7868,
CVE-2018-7870,
CVE-2018-7871,
CVE-2018-7872,
CVE-2018-7875,
CVE-2018-9165
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!