Primary

Context

libming Memory Leak Vulnerability in SWF Parsing Function Allowing Denial-of-Service

Vulnerability

A memory leak vulnerability has been identified in the 'parseSWF_DEFINESCENEANDFRAMEDATA' function of 'libming' version 0.4.8. This vulnerability allows attackers to cause a denial-of-service by exploiting the function's failure to properly deallocate memory after parsing scene and frame data from SWF files. The issue arises because the function allocates memory for these data structures but lacks a mechanism to free it, leading to multiple memory leaks.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by leaking memory, which can lead to increased memory usage and potential application crashes.

Reproduction

The vulnerability can be reproduced by using the 'harness' tool with a crafted SWF file as input. The 'Poc-parseSWF_DEFINESCENEANDFRAMEDATA.zip' file contains the proof-of-concept exploit that triggers the memory leak.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Memory Leak Vulnerability in SWF Parsing Function Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating