213 matches found

Debian CVE
added 2017/11/23 9:0 p.m. | 40 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

CVSS 9.8 | AI score 8.6 | EPSS 0.01443
Exploits 0

AlpineLinux
added 2017/11/23 9:0 p.m. | 37 views

CVE-2017-16931

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name...

CVSS 9.8 | AI score 9.2 | EPSS 0.01443
Exploits 0

CVE
added 2017/11/23 9:0 p.m. | 252 views

CVE-2017-16931

CVE-2017-16931 affects libxml2 (parser.c) prior to version 2.9.5, where parameter-entity references are mishandled: the NEXTL macro calls xmlParserHandlePEReference for a '%' in a DTD name, enabling a buffer overflow and potential remote code execution. The connected details confirm the vulnerabl...

CVSS 9.8 | AI score 8.9 | EPSS 0.01443
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2017/11/23 9:0 p.m. | 23 views

CVE-2017-16932

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities...

AI score 6.8 | EPSS 0.21755
Exploits 0 | References 10

CVE
added 2017/11/23 9:0 p.m. | 217 views

CVE-2017-16932

CVE-2017-16932 affects the libxml2 parser: in versions before 2.9.5, expanding a parameter entity in a DTD can result in infinite recursion, potentially leading to a denial of service or memory exhaustion. Affected component is the libxml2 XML C parser. Connected sources corroborate the issue and...

CVSS 7.5 | AI score 6.7 | EPSS 0.21755
Exploits 0 | References 12 | Affected Software 1

AlpineLinux
added 2017/11/23 9:0 p.m. | 46 views

CVE-2017-16932

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities...

CVSS 7.5 | AI score 7.1 | EPSS 0.21755
Exploits 0

UbuntuCve
added 2017/11/23 12:0 a.m. | 36 views

CVE-2017-16932

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities...

CVSS 7.5 | AI score 6.8 | EPSS 0.21755
Exploits 0 | References 5

OSV
added 2017/07/28 5:29 a.m. | 0 views

UBUNTU-CVE-2017-11703

A memory leak vulnerability was found in the function parseSWFDOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file...

CVSS 6.5 | AI score 6.5 | EPSS 0.00177
Exploits 1 | References 4

Prion
added 2017/07/28 5:29 a.m. | 14 views

Memory corruption

A memory leak was found in the function parseSWFSHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file...

CVSS 4.3 | AI score 6.1 | EPSS 0.00308
Exploits 1 | References 2 | Affected Software 1

CVE
added 2017/07/28 5:0 a.m. | 50 views

CVE-2017-11705

The CVE-2017-11705 issue affects Ming 0.4.8: a memory leak in the function parseSWF_SHAPEWITHSTYLE located in util/parser.c can allow a crafted SWF file to cause a denial of service. The connected sources consistently describe this vulnerability as a memory leak in Ming 0.4.8 without detailing ex...

CVSS 6.5 | AI score 6.1 | EPSS 0.00308
Exploits 1 | References 2 | Affected Software 1

UbuntuCve
added 2017/06/28 6:29 a.m. | 20 views

CVE-2017-9988

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service NULL pointer dereference attack against parser.c...

CVSS 6.5 | AI score 6.9 | EPSS 0.00625
Exploits 1 | References 2

Prion
added 2017/06/28 6:29 a.m. | 15 views

Null pointer dereference

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service NULL pointer dereference attack against parser.c...

CVSS 4.3 | AI score 6.9 | EPSS 0.00625
Exploits 1 | References 3 | Affected Software 2

OSV
added 2017/06/28 6:29 a.m. | 0 views

UBUNTU-CVE-2017-9988

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service NULL pointer dereference attack against parser.c...

CVSS 6.5 | AI score 7 | EPSS 0.00625
Exploits 1 | References 3

Cvelist
added 2017/06/28 6:0 a.m. | 23 views

CVE-2017-9988

The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service NULL pointer dereference attack against parser.c...

AI score 7.1 | EPSS 0.00625
Exploits 1 | References 3

Mageia
added 2017/04/15 10:22 p.m. | 38 views

Updated ming packages fix security vulnerability

The update fixes CVE-2017-7578: Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service listswf application crash or possibly have unspecified other impact via a crafted SWF file. NOTE: This issue exists because of an incomplete fix fo...

CVSS 7.8 | AI score 6.8 | EPSS 0.00209
Exploits 0 | References 1

UbuntuCve
added 2017/04/07 4:59 a.m. | 21 views

CVE-2017-7578

Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service listswf application crash or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831...

CVSS 7.8 | AI score 7.2 | EPSS 0.00209
Exploits 0 | References 2

CVE
added 2017/04/07 4:33 a.m. | 58 views

CVE-2017-7578

CVE-2017-7578 is a set of multiple heap-based buffer overflows in the parser.c module of libming 0.4.7. The vulnerability allows remote attackers to trigger a denial of service (listswf application crash) or potentially cause unspecified other impact via a crafted SWF file; it is noted to exist d...

CVSS 7.8 | AI score 8 | EPSS 0.00209
Exploits 0 | References 1 | Affected Software 1

NVD
added 2017/02/17 2:59 a.m. | 20 views

CVE-2016-9831

Heap-based buffer overflow in the parseSWFRGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file...

CVSS 7.8 | AI score 7.8 | EPSS 0.0021
Exploits 1 | References 4

Prion
added 2017/02/17 2:59 a.m. | 13 views

Heap overflow

Heap-based buffer overflow in the parseSWFDEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file...

CVSS 6.8 | AI score 7.7 | EPSS 0.0021
Exploits 1 | References 4 | Affected Software 1

CVE
added 2017/02/16 6:0 p.m. | 69 views

CVE-2016-9831

CVE-2016-9831 describes a heap-based buffer overflow in the parseSWF_RGBA function of parser.c in the listswf tool from libming 0.4.7. The vulnerability enables remote attackers to trigger unspecified impact via a crafted SWF file. Related advisories show that this issue is tied to multiple CVEs ...

CVSS 7.8 | AI score 7.7 | EPSS 0.0021
Exploits 1 | References 4 | Affected Software 1