1 |
type: security |
2 |
subject: Updated ming packages fix security vulnerability |
3 |
CVE: |
4 |
- CVE-2018-6358 |
5 |
- CVE-2018-7867 |
6 |
- CVE-2018-7868 |
7 |
- CVE-2018-7870 |
8 |
- CVE-2018-7871 |
9 |
- CVE-2018-7872 |
10 |
- CVE-2018-7875 |
11 |
- CVE-2018-9165 |
12 |
src: |
13 |
6: |
14 |
core: |
15 |
- ming-0.4.9-0.git20181112.1.mga6 |
16 |
description: | |
17 |
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is |
18 |
vulnerable to a heap-based buffer overflow, which may allow attackers to |
19 |
cause a denial of service or unspecified other impact via a crafted FDB |
20 |
file. (CVE-2018-6358) |
21 |
|
22 |
There is a heap-based buffer overflow in the getString function of |
23 |
util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A |
24 |
Crafted input will lead to a denial of service attack. (CVE-2018-7867) |
25 |
|
26 |
There is a heap-based buffer over-read in the getName function of |
27 |
util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will |
28 |
lead to a denial of service attack. (CVE-2018-7868) |
29 |
|
30 |
An invalid memory address dereference was discovered in getString in |
31 |
util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability |
32 |
causes a segmentation fault and application crash, which leads to denial |
33 |
of service. (CVE-2018-7870) |
34 |
|
35 |
There is a heap-based buffer over-read in the getName function of |
36 |
util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input |
37 |
will lead to a denial of service or possibly unspecified other impact. |
38 |
(CVE-2018-7871) |
39 |
|
40 |
An invalid memory address dereference was discovered in the function |
41 |
getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a |
42 |
segmentation fault and application crash, which leads to denial of |
43 |
service. (CVE-2018-7872) |
44 |
|
45 |
There is a heap-based buffer over-read in the getString function of |
46 |
util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input |
47 |
will lead to a denial of service attack. (CVE-2018-7875) |
48 |
|
49 |
The pushdup function in util/decompile.c in libming through 0.4.8 does |
50 |
not recognize the need for ActionPushDuplicate to perform a deep copy |
51 |
when a String is at the top of the stack, making the library vulnerable |
52 |
to a util/decompile.c getName NULL pointer dereference, which may allow |
53 |
attackers to cause a denial of service via a crafted SWF file. |
54 |
(CVE-2018-9165) |
55 |
references: |
56 |
- https://bugs.mageia.org/show_bug.cgi?id=24505 |
57 |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCVKRTMEAJTXCYXNA53WZFPDF67TN7NC/ |
58 |
ID: MGASA-2019-0137 |