A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Upstream bug: https://github.com/libming/libming/issues/76
Created ming tracking bugs for this issue: Affects: fedora-all [bug 1476183]
This was actually fixed in 69985e2be596a36a106862d2b82a6d2703654b54, builds: 0.4.8-2.fc26 0.4.8-5.fc27 0.4.8-8.fc28 You didn't open a separate bug for each CVE ID, though.