VYPR

Swftools

by Swftools

Source repositories

CVEs (111)

  • CVE-2017-16868MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.

  • CVE-2017-1000186MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, a stack overflow was found in pdf2swf.

  • CVE-2017-1000185MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, a memcpy buffer overflow was found in gif2swf.

  • CVE-2017-1000182MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, a memory leak was found in wav2swf.

  • CVE-2017-1000176MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, a memcpy buffer overflow was found in swfc.

  • CVE-2017-1000174MedNov 17, 2017
    risk 0.36cvss 5.5epss 0.01

    In SWFTools, an address access exception was found in swfdump swf_GetBits().

  • CVE-2017-16794MedNov 12, 2017
    risk 0.36cvss 5.5epss 0.01

    The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated…

  • CVE-2017-16711MedNov 9, 2017
    risk 0.36cvss 5.5epss 0.01

    The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in…

  • CVE-2025-6271LowJun 19, 2025
    risk 0.21cvss 3.3epss 0.00

    A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The…

  • CVE-2024-28458Apr 11, 2024
    risk 0.00cvss epss 0.01

    Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c.

  • CVE-2024-26335Mar 5, 2024
    risk 0.00cvss epss 0.00

    swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.

  • CVE-2024-26339Mar 5, 2024
    risk 0.00cvss epss 0.01

    swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.

  • CVE-2024-26337Mar 5, 2024
    risk 0.00cvss epss 0.01

    swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.

  • CVE-2024-26334Mar 5, 2024
    risk 0.00cvss epss 0.00

    swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.

  • CVE-2024-25165Feb 14, 2024
    risk 0.00cvss epss 0.01

    A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.

  • CVE-2024-22913Jan 19, 2024
    risk 0.00cvss epss 0.00

    A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.

  • CVE-2024-22957Jan 19, 2024
    risk 0.00cvss epss 0.00

    swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.

  • CVE-2024-22956Jan 19, 2024
    risk 0.00cvss epss 0.00

    swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838

  • CVE-2024-22912Jan 19, 2024
    risk 0.00cvss epss 0.00

    A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.

  • CVE-2024-22911Jan 19, 2024
    risk 0.00cvss epss 0.00

    A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.

Page 2 of 6