ID CVE-2018-7870
Summary An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.
References
Vulnerable Configurations
  • Libming Libming 0.4.8
    cpe:2.3:a:libming:libming:0.4.8
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-476
CAPEC
nessus via4
NASL family Debian Local Security Checks
NASL id DEBIAN_DLA-1343.NASL
description Multiple vulnerabilities have been discovered in Ming : CVE-2018-6358 Heap-based buffer overflow vulnerability in the printDefineFont2 function (util/listfdb.c). Remote attackers might leverage this vulnerability to cause a denial of service via a crafted swf file. CVE-2018-7867 Heap-based buffer overflow vulnerability in the getString function (util/decompile.c) during a RegisterNumber sprintf. Remote attackers might leverage this vulnerability to cause a denial of service via a crafted swf file. CVE-2018-7868 Heap-based buffer over-read vulnerability in the getName function (util/decompile.c) for CONSTANT8 data. Remote attackers might leverage this vulnerability to cause a denial of service via a crafted swf file. CVE-2018-7870 Invalid memory address dereference in the getString function (util/decompile.c) for CONSTANT16 data. Remote attackers might leverage this vulnerability to cause a denial of service via a crafted swf file. CVE-2018-7871 Heap-based buffer over-read vulnerability in the getName function (util/decompile.c) for CONSTANT16 data. Remote attackers might leverage this vulnerability to cause a denial of service via a crafted swf file. CVE-2018-7872 Invalid memory address dereference in the getName function (util/decompile.c) for CONSTANT16 data. Remote attackers might leverage this vulnerability to cause a denial of service via a crafted swf file. CVE-2018-7875 Heap-based buffer over-read vulnerability in the getName function (util/decompile.c) for CONSTANT8 data. Remote attackers might leverage this vulnerability to cause a denial of service via a crafted swf file. CVE-2018-9165 The pushdup function (util/decompile.c) performs shallow copy of String elements (instead of deep copy), allowing simultaneous change of multiple elements of the stack, which indirectly makes the library vulnerable to a NULL pointer dereference in getName (util/decompile.c). Remote attackers might leverage this vulnerability to cause dos via a crafted swf file. For Debian 7 'Wheezy', these problems have been fixed in version 0.4.4-1.1+deb7u8. We recommend that you upgrade your ming packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2019-02-21
modified 2018-08-31
plugin id 108904
published 2018-04-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=108904
title Debian DLA-1343-1 : ming security update
refmap via4
misc
mlist [debian-lts-announce] 20180409 [SECURITY] [DLA 1343-1] ming security update
Last major update 08-03-2018 - 13:29
Published 08-03-2018 - 13:29
Last modified 04-03-2019 - 12:07
Back to Top