Primary

Context

libming Memory Leak Vulnerability in parseSWF_EXPORTASSETS Function

Vulnerability

A memory leak vulnerability has been identified in the parseSWF_EXPORTASSETS function within util/parser.c of libming version 0.4.8. The vulnerability arises because the function allocates memory for arrays and strings without providing a deallocation mechanism, leading to memory leaks when parsing SWF export assets.

Impact

Exploitation of this vulnerability causes a memory leak, with 266 bytes leaked across three separate memory allocations, according to the AddressSanitizer.

Reproduction

The vulnerability can be reproduced by using the provided proof-of-concept file, 'Poc-parseSWF_EXPORTASSETS.zip', which contains a harness to trigger the memory leak by parsing SWF export assets with the vulnerable libming version 0.4.8.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Memory Leak Vulnerability in parseSWF_EXPORTASSETS Function

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating