MGASA-2020-0032

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0032.html

Import Source

https://advisories.mageia.org/MGASA-2020-0032.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0032

Related

Published

2020-01-11T23:52:04Z

Modified

2020-01-11T23:31:43Z

Summary

Updated ming packages fix security vulnerabilities

Details

The updated packages fix security vulnerabilities:

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7866)

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack. (CVE-2018-7873)

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2018-7876)

In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. (CVE-2018-9009)

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. (CVE-2018-9132)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / ming

Package

Name: ming
Purl: pkg:rpm/mageia/ming?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.9-0.git20181112.2.1.mga7

Ecosystem specific

{
    "section": "core"
}