Advisories ยป MGASA-2019-0137

Updated ming packages fix security vulnerability

Publication date: 10 Apr 2019
Modification date: 10 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6358 , CVE-2018-7867 , CVE-2018-7868 , CVE-2018-7870 , CVE-2018-7871 , CVE-2018-7872 , CVE-2018-7875 , CVE-2018-9165

Description

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is
vulnerable to a heap-based buffer overflow, which may allow attackers to
cause a denial of service or unspecified other impact via a crafted FDB
file. (CVE-2018-6358)

There is a heap-based buffer overflow in the getString function of
util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A
Crafted input will lead to a denial of service attack. (CVE-2018-7867)

There is a heap-based buffer over-read in the getName function of
util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will
lead to a denial of service attack. (CVE-2018-7868)

An invalid memory address dereference was discovered in getString in
util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability
causes a segmentation fault and application crash, which leads to denial
of service. (CVE-2018-7870)

There is a heap-based buffer over-read in the getName function of
util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input
will lead to a denial of service or possibly unspecified other impact.
(CVE-2018-7871)

An invalid memory address dereference was discovered in the function
getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a
segmentation fault and application crash, which leads to denial of
service. (CVE-2018-7872)

There is a heap-based buffer over-read in the getString function of
util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input
will lead to a denial of service attack. (CVE-2018-7875)

The pushdup function in util/decompile.c in libming through 0.4.8 does
not recognize the need for ActionPushDuplicate to perform a deep copy
when a String is at the top of the stack, making the library vulnerable
to a util/decompile.c getName NULL pointer dereference, which may allow
attackers to cause a denial of service via a crafted SWF file.
(CVE-2018-9165)
                

References

SRPMS

6/core