Mageia Bugzilla – Attachment 9201 Details for
Bug 20644
ming new security issue CVE-2017-7578 (incomplete fix for CVE-2016-9831)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
Extended description of update test
ming_report.txt (text/plain), 4.10 KB, created by
Len Lawrence
on 2017-04-15 10:32:09 CEST
(
hide
)
Description:
Extended description of update test
Filename:
MIME Type:
Creator:
Len Lawrence
Created:
2017-04-15 10:32:09 CEST
Size:
4.10 KB
patch
obsolete
>"Ming is a library for generating Macromedia Flash files (.swf), written in C, and includes useful utilities for working with .swf files." >This does not mean that all of them actually use the ming library. hexdump for example can be found on systems which do not include libming. > >fonts > makefdb - rip fdb font definition files out of a swf or generator template file. >general tools > bindump - show file data in hex and binary > hexdump - show file data in hex > makeswf - compile actionscript code into a swf movie >graphics > gif2dbl - convert a gif-file to dbl > gif2mask - convert a gif image to an alpha mask > png2dbl - convert a png-file to dbl >list tools > listaction - show actionscript in the swf > listfdb - show contents of fdb font file > listjpeg - show frame header info in jpeg files > listmp3 - show frame header info in mp3 files > listswf - swf format disassembler >sound > raw2adpcm - convert a raw (pcm?) soundfile to a adpcm-coded soundfile (smaller size than raw) >swf to... converter > swftoperl - attempt to make a perl/ming script out of an swf file. Look at swftoperl.html > swftophp - attempt to make a php/ming script out of an swf file > swftopython - a todo for pythonfriends :-) not done yet. > >$ rpm -qa | grep ming >ming-utils-0.4.5-8.1.mga5 >lib64ming1-0.4.5-8.1.mga5 >python-mingus-0.4.2.3-5.mga5 >lib64ming-devel-0.4.5-8.1.mga5 > >The CVE link leads to an SWF file which can be used as a reproducer. >https://github.com/libming/libming/issues/68 > >$ listswf libming1.swf >header indicates a filesize of 268435457 but filesize is 116551 >File version: 0 >File size: 116551 >Frame size: (0,6400)x(0,4800) >Frame rate: 0.125000 / sec. >Total frames: 67 >skipping 3 bytes > >Offset: 20 (0x0014) >Block type: 29 (SWF_SYNCFRAME) >Block length: 3 > >205 gradients in SWF_MORPHGRADiENT, expected a max of 8203 gradients in SWF_MORPHGRADiENT, expected a max of 8*** Error in `listswf': realloc(): invalid next size: 0x0000000000b36180 *** > >.... Hangs at this point. > >Installed the update including >- lib64ming-devel-0.4.5-8.2.mga5.x86_64 >- ming-utils-0.4.5-8.2.mga5.x86_64 >- perl-SWF-0.4.5-8.2.mga5.x86_64 >- python-SWF-0.4.5-8.2.mga5.x86_64 > >$ listswf libming1.swf >header indicates a filesize of 268435457 but filesize is 116551 >File version: 0 >File size: 116551 >Frame size: (0,6400)x(0,4800) >Frame rate: 0.125000 / sec. >Total frames: 67 >skipping 3 bytes > >Offset: 20 (0x0014) >Block type: 29 (SWF_SYNCFRAME) >Block length: 3 >............................. >Offset: 110 (0x006e) >Block type: 0 (SWF_END) >Block length: 1 > >extra garbage (i.e., we messed up in main): > >0000: fa ff 1c 00 22 ff 00 00 43 40 4c 10 e7 07 50 00 ...."... C@L...P. >0010: 64 00 ff ff ff 7f 00 01 9f 9f 00 00 00 01 ca 62 d....^?.. .......b >0020: 6b 26 d9 00 00 08 2a 00 11 27 e0 74 16 00 cd 50 k&....*. .'.t...P >0030: b1 0c 07 00 cc f6 64 fd 00 01 9f 00 67 53 13 77 ......d. ....gS.w >............................. > > >The command provides a full hexdump of the rest of the file, right to the end. > >================================================================================= > >$ swftoperl surfacefly_spirit.swf > test.pl >$ less test.pl >#!/usr/bin/perl -w ># Generated by swftoperl converter included with ming. Have fun. > ># Change this to your needs. If you installed perl-ming global you don't need this. >#use lib("/home/peter/mystuff/lib/site_perl"); > ># We import all because our converter is not so clever to select only needed. ;-) >use SWF qw(:ALL); ># Just copy from a sample, needed to use Constants like SWFFILL_RADIAL_GRADIENT >use SWF::Constants qw(:Text :Button :DisplayItem :Fill); > >$m = SWF::Movie::newSWFMovieWithVersion(6); >...............................snip........................... ># SWF_DOACTION >$m->add(new SWF::Action("stop(); >") ); > ># SWF_END > >#print('Content-type: application/x-shockwave-flash\n\n'); >$m->output(9); >================================================================================== > >Ran makeswf on the previously generated test.pl file andit produced output of a sort but which was not recognized as a ShockWave Flash file. This probably needs some insider knowledge. Installing and running clash is about the best we can do. > > >
"Ming is a library for generating Macromedia Flash files (.swf), written in C, and includes useful utilities for working with .swf files." This does not mean that all of them actually use the ming library. hexdump for example can be found on systems which do not include libming. fonts makefdb - rip fdb font definition files out of a swf or generator template file. general tools bindump - show file data in hex and binary hexdump - show file data in hex makeswf - compile actionscript code into a swf movie graphics gif2dbl - convert a gif-file to dbl gif2mask - convert a gif image to an alpha mask png2dbl - convert a png-file to dbl list tools listaction - show actionscript in the swf listfdb - show contents of fdb font file listjpeg - show frame header info in jpeg files listmp3 - show frame header info in mp3 files listswf - swf format disassembler sound raw2adpcm - convert a raw (pcm?) soundfile to a adpcm-coded soundfile (smaller size than raw) swf to... converter swftoperl - attempt to make a perl/ming script out of an swf file. Look at swftoperl.html swftophp - attempt to make a php/ming script out of an swf file swftopython - a todo for pythonfriends :-) not done yet. $ rpm -qa | grep ming ming-utils-0.4.5-8.1.mga5 lib64ming1-0.4.5-8.1.mga5 python-mingus-0.4.2.3-5.mga5 lib64ming-devel-0.4.5-8.1.mga5 The CVE link leads to an SWF file which can be used as a reproducer. https://github.com/libming/libming/issues/68 $ listswf libming1.swf header indicates a filesize of 268435457 but filesize is 116551 File version: 0 File size: 116551 Frame size: (0,6400)x(0,4800) Frame rate: 0.125000 / sec. Total frames: 67 skipping 3 bytes Offset: 20 (0x0014) Block type: 29 (SWF_SYNCFRAME) Block length: 3 205 gradients in SWF_MORPHGRADiENT, expected a max of 8203 gradients in SWF_MORPHGRADiENT, expected a max of 8*** Error in `listswf': realloc(): invalid next size: 0x0000000000b36180 *** .... Hangs at this point. Installed the update including - lib64ming-devel-0.4.5-8.2.mga5.x86_64 - ming-utils-0.4.5-8.2.mga5.x86_64 - perl-SWF-0.4.5-8.2.mga5.x86_64 - python-SWF-0.4.5-8.2.mga5.x86_64 $ listswf libming1.swf header indicates a filesize of 268435457 but filesize is 116551 File version: 0 File size: 116551 Frame size: (0,6400)x(0,4800) Frame rate: 0.125000 / sec. Total frames: 67 skipping 3 bytes Offset: 20 (0x0014) Block type: 29 (SWF_SYNCFRAME) Block length: 3 ............................. Offset: 110 (0x006e) Block type: 0 (SWF_END) Block length: 1 extra garbage (i.e., we messed up in main): 0000: fa ff 1c 00 22 ff 00 00 43 40 4c 10 e7 07 50 00 ...."... C@L...P. 0010: 64 00 ff ff ff 7f 00 01 9f 9f 00 00 00 01 ca 62 d....^?.. .......b 0020: 6b 26 d9 00 00 08 2a 00 11 27 e0 74 16 00 cd 50 k&....*. .'.t...P 0030: b1 0c 07 00 cc f6 64 fd 00 01 9f 00 67 53 13 77 ......d. ....gS.w ............................. The command provides a full hexdump of the rest of the file, right to the end. ================================================================================= $ swftoperl surfacefly_spirit.swf > test.pl $ less test.pl #!/usr/bin/perl -w # Generated by swftoperl converter included with ming. Have fun. # Change this to your needs. If you installed perl-ming global you don't need this. #use lib("/home/peter/mystuff/lib/site_perl"); # We import all because our converter is not so clever to select only needed. ;-) use SWF qw(:ALL); # Just copy from a sample, needed to use Constants like SWFFILL_RADIAL_GRADIENT use SWF::Constants qw(:Text :Button :DisplayItem :Fill); $m = SWF::Movie::newSWFMovieWithVersion(6); ...............................snip........................... # SWF_DOACTION $m->add(new SWF::Action("stop(); ") ); # SWF_END #print('Content-type: application/x-shockwave-flash\n\n'); $m->output(9); ================================================================================== Ran makeswf on the previously generated test.pl file andit produced output of a sort but which was not recognized as a ShockWave Flash file. This probably needs some insider knowledge. Installing and running clash is about the best we can do.
View Attachment As Raw
Actions:
View
Attachments on
bug 20644
: 9201