Primary

Context

libming Memory Leak Vulnerability in parseSWF_INITACTION Function

Vulnerability

A memory leak vulnerability has been identified in libming version 0.4.8 within the parseSWF_INITACTION function. The issue arises from improper management of memory reallocation, leading to a direct memory leak while parsing SWF files. This vulnerability can be exploited by processing specially crafted SWF files that trigger the memory leak during the initialization action parsing.

Impact

Exploitation of this vulnerability causes a memory leak, where allocated memory is not properly released, leading to increased memory usage and potential degradation of application performance over time.

Reproduction

The vulnerability can be reproduced by using the libming SWF processing tools, such as 'swftoperl' or 'swftocxx', with SWF files that contain ActionScript initialization actions. The AddressSanitizer (ASan) can be used to detect the memory leak, which will be reported as a direct leak of 160 bytes allocated by the parseSWF_INITACTION function.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Memory Leak Vulnerability in parseSWF_INITACTION Function

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating