CVE-2022-35087
Description
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap-buffer-overflow in SWFTools commit 772e55a2 via MovieAddFrame in gif2swf.c leads to segmentation violation.
Vulnerability
A heap-buffer-overflow vulnerability exists in SWFTools commit 772e55a2, specifically in the MovieAddFrame function at /src/gif2swf.c. This occurs when processing a crafted GIF file, leading to a segmentation violation. The issue was discovered during fuzz testing and reproduced with AddressSanitizer.
Exploitation
An attacker can trigger the vulnerability by providing a specially crafted GIF file as input to the gif2swf utility, executed with a command such as ./gif2swf -o /dev/null [sample file]. No authentication or special privileges are required; the attacker only needs to persuade a user to process the malicious GIF file.
Impact
Successful exploitation causes a heap-buffer-overflow, resulting in a segmentation violation and denial of service (DoS). The crash occurs during memory copy operations, and while the overflow is detected by ASAN, it may also allow for further memory corruption depending on the environment.
Mitigation
As of the available reference [1], no fix has been publicly released. Users should avoid processing untrusted GIF files with the affected version (772e55a2) until a patch is applied.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: commit 772e55a2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35087.mdmitrex_refsource_MISC
- github.com/matthiaskramm/swftools/issues/181mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.