Source: swftools
Version: 0.9.2+git20130725-2
Severity: important
Tags: patch upstream security

Hi,

the following vulnerabilities were published for swftools, and not filing two separate bugs, since common code back to stable. Filed as severity grave, since for CVE-2017-8400 possibly can cause code execution, but not ruled out/further analyzed if that is possible.

CVE-2017-8400[0]:
| In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the
| function png_load() in lib/png.c:755. This issue can be triggered by a
| malformed PNG file that is mishandled by png2swf. Attackers could
| exploit this issue for DoS; it might cause arbitrary code execution.

CVE-2017-8401[1]:
| In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the
| function png_load() in lib/png.c:724. This issue can be triggered by a
| malformed PNG file that is mishandled by png2swf. Attackers could
| exploit this issue for DoS.

The references to the security tracker contain references to the upstream issues and respective commits.

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8400
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8400
[1] https://security-tracker.debian.org/tracker/CVE-2017-8401
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8401

Regards,
Salvatore

