Swftools
by Swftools
Source repositories
CVEs (111)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-16868 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file. | ||
| CVE-2017-1000186 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, a stack overflow was found in pdf2swf. | ||
| CVE-2017-1000185 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, a memcpy buffer overflow was found in gif2swf. | ||
| CVE-2017-1000182 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, a memory leak was found in wav2swf. | ||
| CVE-2017-1000176 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, a memcpy buffer overflow was found in swfc. | ||
| CVE-2017-1000174 | Med | 0.36 | 5.5 | 0.01 | Nov 17, 2017 | In SWFTools, an address access exception was found in swfdump swf_GetBits(). | ||
| CVE-2017-16794 | Med | 0.36 | 5.5 | 0.01 | Nov 12, 2017 | The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated… | ||
| CVE-2017-16711 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2017 | The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in… | ||
| CVE-2025-6271 | Low | 0.21 | 3.3 | 0.00 | Jun 19, 2025 | A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The… | ||
| CVE-2024-28458 | 0.00 | — | 0.01 | Apr 11, 2024 | Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c. | |||
| CVE-2024-26335 | 0.00 | — | 0.00 | Mar 5, 2024 | swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c. | |||
| CVE-2024-26339 | 0.00 | — | 0.01 | Mar 5, 2024 | swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. | |||
| CVE-2024-26337 | 0.00 | — | 0.01 | Mar 5, 2024 | swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. | |||
| CVE-2024-26334 | 0.00 | — | 0.00 | Mar 5, 2024 | swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c. | |||
| CVE-2024-25165 | 0.00 | — | 0.01 | Feb 14, 2024 | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. | |||
| CVE-2024-22913 | 0.00 | — | 0.00 | Jan 19, 2024 | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. | |||
| CVE-2024-22957 | 0.00 | — | 0.00 | Jan 19, 2024 | swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. | |||
| CVE-2024-22956 | 0.00 | — | 0.00 | Jan 19, 2024 | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 | |||
| CVE-2024-22912 | 0.00 | — | 0.00 | Jan 19, 2024 | A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | |||
| CVE-2024-22911 | 0.00 | — | 0.00 | Jan 19, 2024 | A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. |
- risk 0.36cvss 5.5epss 0.01
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.
- risk 0.36cvss 5.5epss 0.01
In SWFTools, a stack overflow was found in pdf2swf.
- risk 0.36cvss 5.5epss 0.01
In SWFTools, a memcpy buffer overflow was found in gif2swf.
- risk 0.36cvss 5.5epss 0.01
In SWFTools, a memory leak was found in wav2swf.
- risk 0.36cvss 5.5epss 0.01
In SWFTools, a memcpy buffer overflow was found in swfc.
- risk 0.36cvss 5.5epss 0.01
In SWFTools, an address access exception was found in swfdump swf_GetBits().
- risk 0.36cvss 5.5epss 0.01
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated…
- risk 0.36cvss 5.5epss 0.01
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in…
- risk 0.21cvss 3.3epss 0.00
A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The…
- CVE-2024-28458Apr 11, 2024risk 0.00cvss —epss 0.01
Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c.
- CVE-2024-26335Mar 5, 2024risk 0.00cvss —epss 0.00
swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.
- CVE-2024-26339Mar 5, 2024risk 0.00cvss —epss 0.01
swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.
- CVE-2024-26337Mar 5, 2024risk 0.00cvss —epss 0.01
swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.
- CVE-2024-26334Mar 5, 2024risk 0.00cvss —epss 0.00
swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.
- CVE-2024-25165Feb 14, 2024risk 0.00cvss —epss 0.01
A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.
- CVE-2024-22913Jan 19, 2024risk 0.00cvss —epss 0.00
A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.
- CVE-2024-22957Jan 19, 2024risk 0.00cvss —epss 0.00
swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.
- CVE-2024-22956Jan 19, 2024risk 0.00cvss —epss 0.00
swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838
- CVE-2024-22912Jan 19, 2024risk 0.00cvss —epss 0.00
A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.
- CVE-2024-22911Jan 19, 2024risk 0.00cvss —epss 0.00
A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.
Page 2 of 6