Primary

Context

libming Segmentation Fault Vulnerability in DecompileSETVARIABLE Function

Vulnerability

A segmentation fault vulnerability has been identified in libming version 0.4.8. This issue arises in the decompileSETVARIABLE function, where a read memory access to an invalid address, pointing to the zero page, triggers the fault. The vulnerability occurs during the decompilation of SWF files, specifically when processing SETVARIABLE actions.

Impact

Exploitation of this vulnerability leads to a segmentation fault, causing the application to crash.

Reproduction

The vulnerability can be reproduced by using libming version 0.4.8 to decompile a SWF file that contains SETVARIABLE actions. This can be done with the 'swftocxx' command-line tool, which is part of the libming distribution.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Segmentation Fault Vulnerability in DecompileSETVARIABLE Function

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating