Primary

Context

libming Segmentation Fault Vulnerability in decompileCALLMETHOD Function Allowing Denial-of-Service

Vulnerability

A segmentation fault vulnerability has been identified in libming version 0.4.8. The issue arises in the decompileCALLMETHOD function, where the software attempts to read memory from an invalid address, leading to a crash. This vulnerability can be exploited by using a specially crafted SWF file, causing a denial-of-service condition by disrupting the application's normal operation.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a denial-of-service condition by crashing the application.

Reproduction

The vulnerability can be reproduced by using libming version 0.4.8 to process an SWF file that has been crafted to trigger the issue. This can be done by creating a SWF file that includes CALLMETHOD actions pointing to invalid memory addresses, particularly those that would be interpreted as zero-page references.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Segmentation Fault Vulnerability in decompileCALLMETHOD Function Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating