A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11733
Reference (s):
- GENTOO:GLSA-201904-24
- URL: https://security.gentoo.org/glsa/201904-24
- http://somevulnsofadlab.blogspot.jp/2017/07/libmingnull-pointer-dereference-in.html
- https://github.com/libming/libming/issues/78
- MLIST:[debian-lts-announce] 20171118 [SECURITY] [DLA 1176-1] ming security update