Updated ming packages fix security vulnerability
Publication date: 10 Apr 2019Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6358 , CVE-2018-7867 , CVE-2018-7868 , CVE-2018-7870 , CVE-2018-7871 , CVE-2018-7872 , CVE-2018-7875 , CVE-2018-9165
Description
The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is
vulnerable to a heap-based buffer overflow, which may allow attackers to
cause a denial of service or unspecified other impact via a crafted FDB
file. (CVE-2018-6358)
There is a heap-based buffer overflow in the getString function of
util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A
Crafted input will lead to a denial of service attack. (CVE-2018-7867)
There is a heap-based buffer over-read in the getName function of
util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will
lead to a denial of service attack. (CVE-2018-7868)
An invalid memory address dereference was discovered in getString in
util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability
causes a segmentation fault and application crash, which leads to denial
of service. (CVE-2018-7870)
There is a heap-based buffer over-read in the getName function of
util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input
will lead to a denial of service or possibly unspecified other impact.
(CVE-2018-7871)
An invalid memory address dereference was discovered in the function
getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a
segmentation fault and application crash, which leads to denial of
service. (CVE-2018-7872)
There is a heap-based buffer over-read in the getString function of
util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input
will lead to a denial of service attack. (CVE-2018-7875)
The pushdup function in util/decompile.c in libming through 0.4.8 does
not recognize the need for ActionPushDuplicate to perform a deep copy
when a String is at the top of the stack, making the library vulnerable
to a util/decompile.c getName NULL pointer dereference, which may allow
attackers to cause a denial of service via a crafted SWF file.
(CVE-2018-9165)
References
- https://bugs.mageia.org/show_bug.cgi?id=24505
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DCVKRTMEAJTXCYXNA53WZFPDF67TN7NC/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6358
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7867
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7870
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7871
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7875
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9165
SRPMS
6/core
- ming-0.4.9-0.git20181112.1.mga6