In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.
Weakness
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libming | Libming | 0.4.8 (including) | 0.4.8 (including) |
| Ming | Ubuntu | esm-apps/xenial | * |
| Ming | Ubuntu | trusty | * |
| Ming | Ubuntu | upstream | * |
| Ming | Ubuntu | xenial | * |
Potential Mitigations
References
- https://github.com/libming/libming/issues/97
- https://lists.debian.org/debian-lts-announce/2018/03/msg00008.html
- https://security.gentoo.org/glsa/201904-24
- https://github.com/libming/libming/issues/97
- https://lists.debian.org/debian-lts-announce/2018/03/msg00008.html
- https://security.gentoo.org/glsa/201904-24