libming Segmentation Fault Vulnerability in decompileDUPLICATECLIP Function Allowing Denial-of-Service

A segmentation fault vulnerability has been identified in libming version 0.4.8. The issue arises in the decompileDUPLICATECLIP function, where a read memory access to an invalid address, specifically pointing to the zero page, triggers the fault. This vulnerability occurs during the decompilation of SWF files, particularly when processing DUPLICATECLIP actions. The exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a denial-of-service condition where the application crashes and becomes unavailable.

Reproduction

The vulnerability can be reproduced by using libming version 0.4.8 to decompile a SWF file that contains DUPLICATECLIP actions. This can be done using the 'swftocxx' command-line tool included with libming, which processes SWF files and can be used to demonstrate the vulnerability by creating a crafted SWF file that triggers the issue.