The updated packages fix security vulnerabilities: A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. (CVE-2018-7866) There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack. (CVE-2018-7873) In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file. (CVE-2018-7876) In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. (CVE-2018-9009) libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. (CVE-2018-9132)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 7 | noarch | ming | <Â 0.4.9-0.git20181112.2.1 | ming-0.4.9-0.git20181112.2.1.mga7 |