Primary

Context

libming Memory Leak Vulnerability in Clip Actions Parsing Functions

Vulnerability

A memory leak vulnerability has been identified in libming version 0.4.8, specifically within the clip actions parsing functions parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD, located in util/parser.c. These functions improperly manage memory by allocating space for data structures without providing a means to deallocate it, leading to systematic memory leaks when processing crafted SWF files. This vulnerability can be exploited to cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to memory leaks, causing increased memory usage and potential denial-of-service conditions.

Reproduction

The vulnerability can be reproduced by using the provided proof-of-concept SWF file with the libming library. The memory leak can be observed using a tool like AddressSanitizer, which will report the leaked memory allocations.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Memory Leak Vulnerability in Clip Actions Parsing Functions

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating