Debian Security Advisory
DLA-1240-1 ming -- LTS security update
- Date Reported: 11 Jan 2018
- Affected Packages: ming
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2017-11732, CVE-2017-16883, CVE-2017-16898.
- More information:
Multiple vulnerabilities have been discovered in Ming:
- CVE-2017-11732: Heap-based buffer overflow vulnerability in the function dcputs (util/decompile.c) in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.
- CVE-2017-16883: NULL pointer dereference vulnerability in the function outputSWF_TEXT_RECORD (util/outputscript.c) in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.
- CVE-2017-16898: Global buffer overflow vulnerability in the function printMP3Headers (util/listmp3.c) in Ming <= 0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.
For Debian 7 Wheezy, these problems have been fixed in version 1:0.4.4-1.1+deb7u6.
We recommend that you upgrade your ming packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
