Debian Binaryen vulnerabilities

CVE-2019-7154 [MEDIUM] CVE-2019-7154: binaryen - The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buff... The main function in tools/wasm2js.cpp in Binaryen 1.38.22 has a heap-based buffer overflow because Emscripten is misused, triggering an error in cashew::JSPrinter::printAst() in emscripten-optimizer/simple_ast.h. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. Scope: local bookworm: resolved (fixed in 66-1)

CVE-2019-7701 [MEDIUM] CVE-2019-7701: binaryen - A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhi... A heap-based buffer over-read was discovered in wasm::SExpressionParser::skipWhitespace() in wasm-s-parser.cpp in Binaryen 1.38.22. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm2js. Scope: local bookworm: resolved (fixed in 64-1) bullseye: resolved (fixed in 64-1) forky: resolved (fixed in 64-1) sid: reso

CVE-2019-15759 [MEDIUM] CVE-2019-15759: binaryen - An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipu... An issue was discovered in Binaryen 1.38.32. Two visitors in ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm2js. Scope: local bookworm: resolved (fixed in 89-1) bullseye: resolved (fixed in 89-1) fo

CVE-2019-15758 [MEDIUM] CVE-2019-15758: binaryen - An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/a... An issue was discovered in Binaryen 1.38.32. Missing validation rules in asmjs/asmangle.cpp can lead to an Assertion Failure at wasm/wasm.cpp in wasm::asmangle. A crafted input can cause denial-of-service, as demonstrated by wasm2js. Scope: local bookworm: resolved (fixed in 89-1) bullseye: resolved (fixed in 89-1) forky: resolved (fixed in 89-1) sid: resolved (f