Primary

Context

libming Memory Leak Vulnerability in ABC File Parsing Functions

Vulnerability

A memory leak vulnerability has been identified in libming version 0.4.8 within the ABC file parsing functions parseABC_CONSTANT_POOL and parseABC_FILE, located in util/parser.c. These functions allocate memory for various data structures but lack proper deallocation mechanisms, leading to systematic memory leaks when processing ABC files. The vulnerability can be exploited by creating a crafted ABC file that triggers these memory leaks, causing a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition due to memory exhaustion caused by the unfreed allocations.

Reproduction

The vulnerability can be reproduced by using the provided proof-of-concept file 'Poc-parseABC_FILE.zip', which contains a crafted ABC file designed to exploit the memory leak in libming v0.4.8. After extracting the ZIP file, the vulnerability can be triggered by running the 'harness' program with the crafted ABC file as input.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Memory Leak Vulnerability in ABC File Parsing Functions

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating