VYPR

Libming

by Libming

Source repositories

CVEs (120)

  • CVE-2018-8963MedMar 23, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

  • CVE-2018-8962MedMar 23, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

  • CVE-2018-8961MedMar 23, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

  • CVE-2018-8807MedMar 20, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

  • CVE-2018-8806MedMar 20, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file.

  • CVE-2018-7877MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.01

    There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

  • CVE-2018-7876MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.

  • CVE-2018-7875MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.02

    There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

  • CVE-2018-7874MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.01

    An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2018-7873MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.02

    There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.

  • CVE-2018-7872MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.02

    An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2018-7870MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.02

    An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2018-7868MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.02

    There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

  • CVE-2018-7867MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.02

    There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.

  • CVE-2018-7866MedMar 8, 2018
    risk 0.42cvss 6.5epss 0.02

    A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

  • CVE-2018-5294MedJan 8, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

  • CVE-2018-5251MedJan 5, 2018
    risk 0.42cvss 6.5epss 0.02

    In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.

  • CVE-2017-16883MedNov 18, 2017
    risk 0.42cvss 6.5epss 0.01

    The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.

  • CVE-2017-11705MedJul 28, 2017
    risk 0.42cvss 6.5epss 0.01

    A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

  • CVE-2017-11704MedJul 28, 2017
    risk 0.42cvss 6.5epss 0.01

    A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

Page 2 of 6