Libming
by Libming
Source repositories
CVEs (12)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7578 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2017 | Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831. | |
| CVE-2016-9831 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2017 | Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. | |
| CVE-2017-16883 | Med | 0.42 | 6.5 | 0.00 | Nov 18, 2017 | The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. | |
| CVE-2017-9989 | Med | 0.42 | 6.5 | 0.01 | Jun 28, 2017 | util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. | |
| CVE-2017-9988 | Med | 0.42 | 6.5 | 0.01 | Jun 28, 2017 | The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. | |
| CVE-2017-8782 | Med | 0.42 | 6.5 | 0.00 | May 31, 2017 | The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. | |
| CVE-2016-9266 | Med | 0.42 | 6.5 | 0.01 | Mar 23, 2017 | listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift. | |
| CVE-2017-16898 | Med | 0.36 | 5.5 | 0.00 | Nov 20, 2017 | The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264. | |
| CVE-2016-9265 | Med | 0.36 | 5.5 | 0.00 | Mar 23, 2017 | The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. | |
| CVE-2016-9264 | Med | 0.36 | 5.5 | 0.00 | Mar 23, 2017 | Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. | |
| CVE-2025-66877 | 0.00 | — | 0.00 | Dec 29, 2025 | Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8. | ||
| CVE-2025-66869 | 0.00 | — | 0.00 | Dec 29, 2025 | Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8. |