libming Out-of-Memory Vulnerability in parseABC_STRING_INFO Function Allows Denial-of-Service

Vulnerability

A memory exhaustion vulnerability has been identified in libming version 0.4.8, specifically within the parseABC_STRING_INFO function. This vulnerability arises when the function attempts to allocate a large block of memory while parsing ActionScript Bytecode (ABC) data, leading to an out-of-memory error. The issue causes the application to abort, creating a Denial-of-Service (DoS) condition on systems processing SWF files that contain this bytecode.

Impact

Exploitation of this vulnerability leads to a Denial-of-Service condition, causing the application to crash and potentially disrupting services that rely on SWF file processing.

Reproduction

The vulnerability can be reproduced by using libming version 0.4.8 to parse SWF files that contain ActionScript Bytecode data. The parseABC_STRING_INFO function will attempt to allocate a large amount of memory, causing an out-of-memory error and terminating the application. This can be automated with a proof-of-concept available in the same GitHub repository.
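The defensive pattern for this class of bug, as an added example (not libming's code and not its fix): it assumes the oversized allocation is driven by a length field read from the file, which the description above does not spell out, and checks that length against the bytes actually remaining before calling malloc. The names cursor, read_u30 and parse_string_checked are hypothetical, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cursor over an in-memory file image; not a libming type. */
struct cursor { const uint8_t *p; size_t left; };

/* Decode a variable-length unsigned integer: 7 data bits per byte, high bit
 * means "more follows", at most 5 bytes, value limited to 30 bits. */
static int read_u30(struct cursor *c, uint32_t *out)
{
    uint32_t v = 0;
    for (int shift = 0; shift < 35; shift += 7) {
        if (c->left == 0) return -1;                    /* truncated input */
        uint8_t b = *c->p++; c->left--;
        if (shift == 28 && (b & 0x7c)) return -1;       /* would exceed 30 bits */
        v |= (uint32_t)(b & 0x7f) << shift;
        if (!(b & 0x80)) { *out = v; return 0; }
    }
    return -1;                                          /* continuation bit never cleared */
}

/* Returns a NUL-terminated copy of the string, or NULL when the declared
 * size exceeds the bytes actually left in the input or malloc fails. */
char *parse_string_checked(struct cursor *c)
{
    uint32_t size;
    if (read_u30(c, &size) != 0) return NULL;
    if (size > c->left) return NULL;                    /* reject before allocating */
    char *s = malloc((size_t)size + 1);
    if (s == NULL) return NULL;                         /* report failure, do not abort */
    memcpy(s, c->p, size);
    s[size] = '\0';
    c->p += size; c->left -= size;
    return s;
}

/* Constructed samples: "abc" with size 3, and a 6-byte input declaring 0x3fffffff bytes. */
static const uint8_t good[] = { 0x03, 'a', 'b', 'c' };
static const uint8_t bad[]  = { 0xff, 0xff, 0xff, 0xff, 0x03, 'a' };

int main(void)
{
    struct cursor g = { good, sizeof good }, b = { bad, sizeof bad };
    char *s = parse_string_checked(&g);
    printf("good: %s\n", s ? s : "(rejected)");
    printf("bad:  %s\n", parse_string_checked(&b) ? "accepted" : "rejected");
    free(s);
}
```

Because a declared size can never legitimately exceed the remaining input, the largest allocation is bounded by the file size rather than by an attacker-chosen integer.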

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.4
impact: 2.5
exploitability: 5.8
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.