Bug 1438686 (CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831) - CVE-2016-9264 CVE-2016-9265 CVE-2016-9266 CVE-2016-9827 CVE-2016-9828 CVE-2016-9829 CVE-2016-9831 ming: Multiple security vulnerabilities
Summary: CVE-2016-9264 CVE-2016-9265 CVE-2016-9266 CVE-2016-9827 CVE-2016-9828 CVE-201...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1438687
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-04-04 08:14 UTC by Andrej Nemec
Modified: 2019-09-29 14:08 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-31 14:12:42 UTC


Attachments (Terms of Use)

Description Andrej Nemec 2017-04-04 08:14:49 UTC
Multiple security issues were found in libming.

CVE-2016-9264 - Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.

http://seclists.org/oss-sec/2016/q4/375

CVE-2016-9265 - The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.

http://seclists.org/oss-sec/2016/q4/376

CVE-2016-9266 - listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift.

http://seclists.org/oss-sec/2016/q4/377

CVE-2016-9829 - Heap-based buffer overflow in the parseSWF_DEFINEFONT function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.

http://seclists.org/oss-sec/2016/q4/551

CVE-2016-9831 - Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file.

http://seclists.org/oss-sec/2016/q4/552

CVE-2016-9827 - The _iprintf function in outputtxt.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (buffer over-read) via a crafted SWF file.

http://seclists.org/oss-sec/2016/q4/553

CVE-2016-9828 - The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.

http://seclists.org/oss-sec/2016/q4/554

Comment 1 Andrej Nemec 2017-04-04 08:15:22 UTC
Created ming tracking bugs for this issue:

Affects: fedora-all [bug 1438687]

Comment 2 Andrej Nemec 2017-04-07 07:07:24 UTC
Fix for CVE-2016-9831 introduced a regression.

CVE-2017-7578 - Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831.


Note You need to log in before you can comment on or make changes to this bug.