libming Memory Allocation Vulnerability in parseSWF_DEFINEBINARYDATA Function Leading to Denial-of-Service

A vulnerability in libming version 0.48 has been identified, specifically in the parseSWF_DEFINEBINARYDATA function. This vulnerability arises from an 'allocation-size-too-big' error, where the function attempts to allocate an excessively large block of memory while parsing SWF files. Attackers can exploit this vulnerability by supplying crafted SWF files, causing the application to exhaust memory resources and potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a segmentation fault, where the application attempts to read memory from an invalid address, leading to a crash. Additionally, the vulnerability can be exploited to cause a general denial-of-service condition by exhausting memory resources, causing the application to abort.

Reproduction

The vulnerability can be reproduced by using a crafted SWF file that contains binary data designed to trigger the allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function. This can be done by manipulating the SWF file's binary data to include excessively large blocks that exceed the maximum supported allocation size. Once the crafted SWF file is prepared, it can be processed using libming version 0.48, which will result in the application crashing due to the memory allocation error.