SB2019100332 - Fedora 32 update for ming
Published: October 3, 2019 Updated: April 25, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2018-7866)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. A remote attacker can perform a denial of service (DoS) attack.
2) Buffer overflow (CVE-ID: CVE-2018-7873)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.
3) Resource exhaustion (CVE-ID: CVE-2018-7876)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.
4) Use-after-free (CVE-ID: CVE-2018-9009)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.
5) NULL pointer dereference (CVE-ID: CVE-2018-9132)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted swf file.
Remediation
Install update from vendor's website.