Debian Security Advisory

DLA-1240-1 ming -- LTS security update

Date Reported: 11 Jan 2018
Affected Packages: ming
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2017-11732, CVE-2017-16883, CVE-2017-16898.
More information:

Multiple vulnerabilities have been discovered in Ming:

  • CVE-2017-11732

    A heap-based buffer overflow vulnerability in the function dcputs (util/decompile.c) in Ming <= 0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

  • CVE-2017-16883

    A NULL pointer dereference vulnerability in the function outputSWF_TEXT_RECORD (util/outputscript.c) in Ming <= 0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

  • CVE-2017-16898

    A global buffer overflow vulnerability in the function printMP3Headers (util/listmp3.c) in Ming <= 0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

For Debian 7 Wheezy, these problems have been fixed in version 1:0.4.4-1.1+deb7u6.

We recommend that you upgrade your ming packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS