[SECURITY] [DLA 890-1] ming security update

2017-04-10 12:32:04
lists.debian.org

CVSS2: 6.8 Medium
  Attack Vector: NETWORK
  Attack Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL
  Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 7.8 High
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH
  Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.9 High (Confidence: High)
EPSS: 0.001 Low (Percentile: 43.7%)

Package : ming
Version : 1:0.4.4-1.1+deb7u2
CVE ID : CVE-2017-7578

It was discovered that there were multiple heap-based buffer overflows in ming,
a library to generate SWF (Flash) files.

The updated packages prevent a crash in the "listswf" utility due to a
heap-based buffer overflow in the parseSWF_RGBA function and several other
functions in parser.c.

AddressSanitizer flagged them as invalid writes "of size 1" but the heap could
be written to multiple times. The overflows are caused by a pointer behind the
bounds of a statically allocated array of structs of type SWF_GRADIENTRECORD.

For Debian 7 "Wheezy", this issue has been fixed in ming version
1:0.4.4-1.1+deb7u2.

We recommend that you upgrade your ming packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      [email protected] / chris-lamb.co.uk
   `-
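
The bug class the advisory describes (a record pointer leaving a fixed-size array, followed by byte-wise colour writes), shown as an added C sketch of a hardened parser. This is not ming's code and not part of the original advisory. The type and function names, the 8-record capacity, the 4-bit count field and the 5-byte record layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_GRADIENT_RECORDS 8  /* assumed fixed capacity for this sketch */

/* Simplified, hypothetical stand-ins; not ming's struct definitions. */
typedef struct { uint8_t red, green, blue, alpha; } rgba_t;
typedef struct { uint8_t ratio; rgba_t color; } gradient_record_t;
typedef struct {
    uint8_t count;
    gradient_record_t records[MAX_GRADIENT_RECORDS];
} gradient_t;

/* Four separate one-byte stores. If 'c' points past the end of the array,
 * a sanitizer reports each store as an invalid write of size 1, and the
 * caller's loop repeats them for every out-of-range record. */
static void parse_rgba(const uint8_t *in, rgba_t *c) {
    c->red = in[0]; c->green = in[1]; c->blue = in[2]; c->alpha = in[3];
}

/* Hardened parse: returns 0 on success, -1 on malformed input.
 * Constructed input layout: 1 count byte, then 5 bytes per record. */
int parse_gradient(const uint8_t *in, size_t len, gradient_t *g) {
    if (len < 1) return -1;
    uint8_t count = in[0] & 0x0f;                   /* file-controlled, 0..15 */
    /* Without this check, &g->records[i] walks past the array for i >= 8. */
    if (count > MAX_GRADIENT_RECORDS) return -1;
    if (len - 1 < (size_t)count * 5) return -1;     /* truncated input */
    for (uint8_t i = 0; i < count; i++) {
        const uint8_t *p = in + 1 + (size_t)i * 5;
        g->records[i].ratio = p[0];
        parse_rgba(p + 1, &g->records[i].color);
    }
    g->count = count;
    return 0;
}

int main(void) {
    /* Constructed input: the count nibble (15) exceeds the 8-slot array. */
    uint8_t oversized[1 + 15 * 5] = { 0x0f };
    gradient_t g = { 0 };
    int rc = parse_gradient(oversized, sizeof oversized, &g);
    printf("oversized count -> %d\n", rc);
    return rc == -1 ? 0 : 1;
}
```

Building a parser like this with `-fsanitize=address` and feeding it malformed files is how an out-of-bounds record pointer shows up as a series of size-1 write reports.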
