VYPR
Medium severity6.5OSV Advisory· Published Apr 1, 2018· Updated Jun 17, 2026

CVE-2018-9165

CVE-2018-9165

Description

The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Libming/LibmingOSV2 versions
    ming-0_3_0, ming-0_3_beta2, ming-0_4_0_beta3, …+ 1 more
    • (no CPE)range: ming-0_3_0, ming-0_3_beta2, ming-0_4_0_beta3, …
    • (no CPE)range: <=0.4.8

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.