Package        : ming
Version        : 1:0.4.4-1.1+deb7u2
CVE ID         : CVE-2017-7578

It was discovered that there were multiple heap-based buffer overflows in ming, a library to generate SWF (Flash) files.

The updated packages prevent a crash in the "listswf" utility due to a heap-based buffer overflow in the parseSWF_RGBA function and several other functions in parser.c.

AddressSanitizer flagged them as invalid writes "of size 1" but the heap could be written to multiple times. The overflows are caused by a pointer behind the bounds of a statically allocated array of structs of type SWF_GRADIENTRECORD.

For Debian 7 "Wheezy", this issue has been fixed in ming version 1:0.4.4-1.1+deb7u2.

We recommend that you upgrade your ming packages.

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-
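The bug class described above, as an added example that is not ming's code or the Debian patch: a parser that fills a fixed-size array of records from a file-supplied count, with the bounds check that keeps the record pointer inside the array. The struct names, the 5-byte record layout, the 1-byte count and the capacity of 8 are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumed names and layout), not ming's definitions. */
#define MAX_RECORDS 8   /* assumed capacity of the fixed-size array */
struct rgba { uint8_t r, g, b, a; };
struct gradient_record { uint8_t ratio; struct rgba color; };
struct gradient { uint8_t count; struct gradient_record records[MAX_RECORDS]; };

/* Constructed inputs: count byte, then 5-byte records (ratio, R, G, B, A). */
static const uint8_t SAMPLE_OK[] = { 2, 0, 255, 0, 0, 255, 255, 0, 0, 255, 255 };
static const uint8_t SAMPLE_TOO_MANY[1 + 9 * 5] = { 9 };  /* 9 > MAX_RECORDS */
static const uint8_t SAMPLE_TRUNCATED[] = { 2, 0, 255, 0, 0, 255, 255 };

/* Fills one record; every field store is a 1-byte write. Needs 5 input bytes. */
static int parse_record(const uint8_t *p, size_t len, struct gradient_record *out)
{
    if (len < 5) return -1;
    out->ratio = p[0];
    out->color.r = p[1]; out->color.g = p[2];
    out->color.b = p[3]; out->color.a = p[4];
    return 0;
}

/* Returns the number of records parsed, or -1 if the input is rejected. */
int parse_gradient(const uint8_t *buf, size_t len, struct gradient *g)
{
    if (len < 1) return -1;
    uint8_t count = buf[0];              /* value taken from the file */
    /* Without this check, &g->records[i] for i >= MAX_RECORDS points past
       the array and each extra record causes several 1-byte invalid writes. */
    if (count > MAX_RECORDS) return -1;
    size_t off = 1;
    for (uint8_t i = 0; i < count; i++, off += 5)
        if (parse_record(buf + off, len - off, &g->records[i]) != 0)
            return -1;                   /* input ends before the record does */
    g->count = count;
    return (int)count;
}

int main(void)
{
    struct gradient g;
    printf("ok=%d too_many=%d truncated=%d\n",
           parse_gradient(SAMPLE_OK, sizeof SAMPLE_OK, &g),
           parse_gradient(SAMPLE_TOO_MANY, sizeof SAMPLE_TOO_MANY, &g),
           parse_gradient(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &g));
    return 0;
}
```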