Skip to main content

Ming CVE-2017-11728

MEDIUM
Out-of-bounds Read (CWE-125)
2017-07-29 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 29, 2017 - 05:29 cve.org
MEDIUM 5.5

DescriptionCVE.org

A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

AnalysisAI

A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. Affected products include: Libming Ming.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Ming

View all
CVE-2019-9114 HIGH POC
8.8 Feb 25

Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in

CVE-2019-9113 HIGH POC
8.8 Feb 25

Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a

CVE-2017-11705 MEDIUM POC
6.5 Jul 28

A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers t

CVE-2017-11703 MEDIUM POC
6.5 Jul 28

A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows att

CVE-2017-11704 MEDIUM POC
6.5 Jul 28

A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows atta

CVE-2017-11733 MEDIUM
5.5 Jul 29

A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/de

CVE-2017-11732 MEDIUM
5.5 Jul 29

A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/de

CVE-2017-11731 MEDIUM
5.5 Jul 29

An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/

CVE-2017-11729 MEDIUM
5.5 Jul 29

A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decomp

CVE-2017-11734 MEDIUM
5.5 Jul 29

A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which a

CVE-2017-11730 MEDIUM
5.5 Jul 29

A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decomp

Share

CVE-2017-11728 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy