Primary

Context

libming Memory Leak Vulnerability in parseSWF_IMPORTASSETS2 Function

Vulnerability

A memory leak vulnerability has been identified in the parseSWF_IMPORTASSETS2 function of libming version 0.4.8. This vulnerability allows attackers to cause a denial-of-service by exploiting the function's failure to properly deallocate memory after parsing SWF import assets, leading to increased memory usage and potential application instability.

Impact

Exploitation of this vulnerability causes a memory leak, where allocated memory is not properly released, leading to increased memory consumption and potential application crashes.

Reproduction

The vulnerability can be reproduced by using the provided proof-of-concept SWF file with the libming library. The memory leak can be observed using a tool like AddressSanitizer, which will report the leaked memory allocations.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Memory Leak Vulnerability in parseSWF_IMPORTASSETS2 Function

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating