libming Memory Leak Vulnerability in parseSWF_PLACEOBJECT3 Function

A memory leak vulnerability has been identified in libming version 0.4.8 within the parseSWF_PLACEOBJECT3 function. This issue arises from improper management of memory allocation when reading strings, leading to a direct memory leak during the parsing of SWF files. The vulnerability allows for the accumulation of unreleased memory, which could potentially be exploited to degrade application performance or cause a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a memory leak, where allocated memory is not properly released, causing increased memory usage over time. This can result in application performance degradation or a denial-of-service condition, where the application becomes unresponsive or fails to allocate memory for other tasks.

Reproduction

The vulnerability can be reproduced by using the libming library version 0.4.8 and processing SWF files that trigger the parseSWF_PLACEOBJECT3 function. This can be done by using a tool or script that leverages libming to parse SWF files, such as the 'swftoperl' command-line utility included in the libming distribution. The AddressSanitizer (ASan) can be used to detect the memory leak, as it reports the leaked memory allocations that are not freed before the application exits.