CVE-2024-22913
Description
A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A heap-buffer-overflow in the swf5lex lexer of SWFTools v0.9.2 allows code execution when a crafted input file is processed with the swfc tool.
Vulnerability
A heap-buffer-overflow vulnerability exists in SWFTools v0.9.2 in the swf5lex() function in lex.swf5.c at line 1321 [1]. It is reached when the swfc tool processes a specially crafted input file. The overflow is a 1-byte write past the end of a heap buffer, triggered while the lexer tokenizes the input.
Exploitation
An attacker triggers the overflow by getting a victim to process a malicious input file with the swfc utility [1]. No authentication is required, but the attack needs user interaction: the victim must run swfc on the crafted file. The out-of-bounds write in the lexer is the memory-corruption primitive; escalating a single-byte heap write to code execution depends on the surrounding heap layout and allocation pattern, which is why the description rates it as allowing code execution rather than describing a specific exploit.
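The two sections above describe a one-byte write past a heap buffer during lexing. As an added example that is not SWFTools code and does not reproduce the actual defect at lex.swf5.c:1321 (whose source is not on this page), the C below shows a constructed identifier scanner with the same class of bug, an off-by-one terminator write, next to a bounds-checked version. TOK_CAP, the function names and the sample input are assumptions made for the demonstration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration, not SWFTools code: a tiny identifier
 * scanner of the kind found in generated lexers. TOK_CAP is an
 * assumed fixed buffer size chosen for the demo. */
#define TOK_CAP 8

/* Length of the identifier at the start of src (letters, digits, '_'). */
static size_t ident_len(const char *src) {
    size_t n = 0;
    while (isalnum((unsigned char)src[n]) || src[n] == '_')
        n++;
    return n;
}

/* Vulnerable pattern: the loop stops copying at TOK_CAP characters,
 * but the terminator is still written at buf[len]. When the token is
 * TOK_CAP bytes or longer, len == TOK_CAP and the NUL lands one byte
 * past the end of the heap allocation: a heap write of size 1. */
char *scan_ident_vuln(const char *src) {
    char *buf = malloc(TOK_CAP);
    size_t len = 0;
    if (!buf) return NULL;
    while ((isalnum((unsigned char)src[len]) || src[len] == '_') && len < TOK_CAP) {
        buf[len] = src[len];
        len++;
    }
    buf[len] = '\0';            /* out of bounds when len == TOK_CAP */
    return buf;
}

/* Bytes scan_ident_vuln would write past its allocation for this input.
 * Lets the boundary be checked without executing the overflow. */
size_t vuln_overflow_bytes(const char *src) {
    return ident_len(src) >= TOK_CAP ? 1 : 0;
}

/* Hardened form: always reserve room for the terminator and grow the
 * buffer instead of silently truncating. */
char *scan_ident_safe(const char *src, size_t *out_len) {
    size_t cap = TOK_CAP, len = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    while (isalnum((unsigned char)src[len]) || src[len] == '_') {
        if (len + 1 >= cap) {   /* need space for this byte and the NUL */
            size_t ncap = cap * 2;
            char *nb = realloc(buf, ncap);
            if (!nb) { free(buf); return NULL; }
            buf = nb;
            cap = ncap;
        }
        buf[len] = src[len];
        len++;
    }
    buf[len] = '\0';
    if (out_len) *out_len = len;
    return buf;
}

int main(void) {
    /* Constructed input: an identifier exactly TOK_CAP bytes long, the
     * smallest case that pushes the vulnerable scanner's NUL off the end. */
    const char *crafted = "abcdefgh = 1;";
    size_t n = 0;
    char *tok = scan_ident_safe(crafted, &n);
    printf("vulnerable scanner would overflow by %zu byte(s)\n",
           vuln_overflow_bytes(crafted));
    printf("hardened scanner read %zu-byte token '%s'\n", n, tok ? tok : "(null)");
    free(tok);
    return 0;
}
```

The vulnerable scanner is only ever called on short input here; compiling the program with AddressSanitizer (-fsanitize=address) and feeding scan_ident_vuln the crafted string is the quickest way to see the 1-byte heap-buffer-overflow report that this class of bug produces.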
Impact
Successful exploitation allows an attacker to execute arbitrary code with the privileges of the user running swfc. This can lead to full compromise of the affected system, including data theft, modification, or further propagation.
Mitigation
As of the publication date, no official patch has been released, and the SWFTools project appears to be unmaintained (last commit 772e55a2). The only mitigation is to avoid processing untrusted input files with swfc, or to run it in an isolated, low-privilege environment; there is no configuration-level workaround.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =0.9.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.