libming Segmentation Fault Vulnerability in DecompileRETURN Function Allowing Denial-of-Service

A segmentation fault vulnerability has been identified in libming version 0.4.8. This issue arises in the decompileRETURN function, where a read memory access to an invalid address, specifically pointing to the zero page, triggers the fault. The vulnerability occurs during the decompilation of SWF files, particularly when processing return actions. Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a denial-of-service condition where the application crashes and becomes unresponsive.

Reproduction

The vulnerability can be reproduced by using libming version 0.4.8 to decompile a SWF file that has been crafted to include return actions. This can be done by using the 'swftocxx' command-line tool included with libming, which will process the SWF file and trigger the vulnerability by accessing an invalid memory address during the decompilation of the return actions.