Debian Long Term Support / LTS Security Information / 2017 / Security Information -- DLA-799-1 ming

Debian Security Advisory

DLA-799-1 ming -- LTS security update

Date Reported:

26 Jan 2017

Affected Packages:

ming

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 843928.
In Mitre's CVE dictionary: CVE-2016-9264, CVE-2016-9265, CVE-2016-9266, CVE-2016-9827, CVE-2016-9828, CVE-2016-9829, CVE-2016-9831.

More information:

Multiple security issues have been found in Ming. They may lead to the execution of arbitrary code or causing application crash.

• CVE-2016-9264

  global-buffer-overflow in printMP3Headers

• CVE-2016-9265

  divide-by-zero in printMP3Headers

• CVE-2016-9266

  left shift in listmp3.c

• CVE-2016-9827

  listswf: heap-based buffer overflow in _iprintf

• CVE-2016-9828

  listswf: heap-based buffer overflow in _iprintf

• CVE-2016-9829

  listswf: NULL pointer dereference in dumpBuffer

• CVE-2016-9831

  listswf: heap-based buffer overflow in parseSWF_RGBA

For Debian 7 Wheezy, these problems have been fixed in version 0.4.4-1.1+deb7u1.

We recommend that you upgrade your ming packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS