SB2017032311 - Multiple vulnerabilities in libming

Security Bulletin ID SB2017032311

Severity

Medium

Patch available

NO

Number of vulnerabilities 4

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2017-7578)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file.

2) Buffer overflow (CVE-ID: CVE-2016-9264)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file.

3) Division by zero (CVE-ID: CVE-2016-9265)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide-by-zero error within The printMP3Headers function in listmp3.c in Libming 0.4.7. A remote attacker can perform a denial of service (divide-by-zero error and application crash) via a crafted mp3 file.

4) Input validation error (CVE-ID: CVE-2016-9266)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

SB2017032311 - Multiple vulnerabilities in libming

Breakdown by Severity

Description

Remediation

References

Please verify you're human