From 9bb20b0036fdbd2f2e4c7246655daaa642e635d6 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong <cnx@loang.net>
Date: Wed, 26 Feb 2025 15:38:17 +0900
Subject: Add ASan'ed libming 0.4.8 for CVE-2018-{8806,8964}

---
 bugs/README.md                             |  14 ++++++++++++++
 bugs/cve/2018/8806/heap-use-after-free.swf | Bin 0 -> 166 bytes
 bugs/cve/2018/8964/heap-use-after-free.swf | Bin 0 -> 140 bytes
 3 files changed, 14 insertions(+)
 create mode 100644 bugs/cve/2018/8806/heap-use-after-free.swf
 create mode 100644 bugs/cve/2018/8964/heap-use-after-free.swf

(limited to 'bugs')

diff --git a/bugs/README.md b/bugs/README.md
index de9149a..c8ab237 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -77,6 +77,18 @@
       guix shell -e '(@@ (loftix bugs) libjpeg-turbo-2.0.1-asan)'
       djpeg -colors 256 -bmp cve/2018/19664/heap-buffer-overflow-2.jpg
 
+## libming
+
+- CVE-2018-8806: [use after free][libming-128]
+
+      guix shell -e '(@@ (loftix bugs) libming-0.4.8-asan)'
+      swftophp cve/2018/8806/heap-use-after-free.swf
+
+- CVE-2018-8964: [use after free][libming-130]
+
+      guix shell -e '(@@ (loftix bugs) libming-0.4.8-asan)'
+      swftophp cve/2018/8964/heap-use-after-free.swf
+
 ## libtiff
 
 - CVE-2016-3186: [buffer overflow][redhat-1319503]
@@ -209,6 +221,8 @@
 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717
 [libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
 [libjpeg-turbo-305]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
+[libming-128]: https://github.com/libming/libming/issues/128
+[libming-130]: https://github.com/libming/libming/issues/130
 [maptools-2554]: https://bugzilla.maptools.org/show_bug.cgi?id=2554
 [maptools-2558]: https://bugzilla.maptools.org/show_bug.cgi?id=2558
 [maptools-2587]: https://bugzilla.maptools.org/show_bug.cgi?id=2587
diff --git a/bugs/cve/2018/8806/heap-use-after-free.swf b/bugs/cve/2018/8806/heap-use-after-free.swf
new file mode 100644
index 0000000..23c07c2
Binary files /dev/null and b/bugs/cve/2018/8806/heap-use-after-free.swf differ
diff --git a/bugs/cve/2018/8964/heap-use-after-free.swf b/bugs/cve/2018/8964/heap-use-after-free.swf
new file mode 100644
index 0000000..53376b6
Binary files /dev/null and b/bugs/cve/2018/8964/heap-use-after-free.swf differ
-- 
cgit 1.4.1