MGASA-2019-0078

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2019-0078.html

Import Source

https://advisories.mageia.org/MGASA-2019-0078.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2019-0078

Related

Published

2019-02-14T08:38:16Z

Modified

2019-02-14T08:07:23Z

Summary

Updated mad packages fix security vulnerability

Details

The maddecoderrun function in decoder.c in libmad 0.15.1b allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file (CVE-2017-11552).

The maddecoderrun() function in decoder.c in Underbit libmad through 0.15.1b allows attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file (CVE-2018-7263).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:6 / mad

Package

Name: mad
Purl: pkg:rpm/mageia/mad?distro=mageia-6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.15.1b-22.2.mga6

Ecosystem specific

{
    "section": "core"
}