Updated libmtp and libgphoto packages fix security vulnerabilities
Publication date: 28 Jul 2017Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9831 , CVE-2017-9832
Description
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp and libgphoto allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable (CVE-2017-9831). An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp and libgphoto allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable (CVE-2017-9832).
References
SRPMS
5/core
- libmtp-1.1.8-4.1.mga5
- libgphoto-2.5.7-1.2.mga5