Primary

Context

libming Memory Leak Vulnerability in parseSWF_MORPHFILLSTYLES Function

Vulnerability

A memory leak vulnerability has been identified in libming version 0.4.8. The issue arises in the parseSWF_MORPHFILLSTYLES function, where memory allocated for processing MORPHFILLSTYLES is not properly deallocated after parsing. This oversight leads to memory leaks during the processing of SWF files.

Impact

Exploitation of this vulnerability causes a memory leak, where allocated memory is not released, potentially leading to increased memory usage and degradation of application performance over time.

Reproduction

The vulnerability can be reproduced by using libming version 0.4.8 to parse SWF files that include MORPHFILLSTYLES. The memory leak can be observed using the AddressSanitizer tool, which reports a direct leak of 41,144 bytes in one object allocated from the parseSWF_MORPHFILLSTYLES function.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.4

impact

2.5

exploitability

5.8

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

libming Memory Leak Vulnerability in parseSWF_MORPHFILLSTYLES Function

Vulnerability

Impact

Reproduction

Affected Products

libming

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating