Vendor
Libming
Products
2
CVEs
22
Across products
22
Status
Private
Products
2- 12 CVEs
- 10 CVEs
Recent CVEs
22| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7578 | Hig | 0.51 | 7.8 | 0.00 | Apr 7, 2017 | Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow remote attackers to cause a denial of service (listswf application crash) or possibly have unspecified other impact via a crafted SWF file. NOTE: this issue exists because of an incomplete fix for CVE-2016-9831. | |
| CVE-2016-9831 | Hig | 0.51 | 7.8 | 0.00 | Feb 17, 2017 | Heap-based buffer overflow in the parseSWF_RGBA function in parser.c in the listswf tool in libming 0.4.7 allows remote attackers to have unspecified impact via a crafted SWF file. | |
| CVE-2017-16883 | Med | 0.42 | 6.5 | 0.00 | Nov 18, 2017 | The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file. | |
| CVE-2017-11705 | Med | 0.42 | 6.5 | 0.00 | Jul 28, 2017 | A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11704 | Med | 0.42 | 6.5 | 0.00 | Jul 28, 2017 | A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11703 | Med | 0.42 | 6.5 | 0.00 | Jul 28, 2017 | A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-9989 | Med | 0.42 | 6.5 | 0.01 | Jun 28, 2017 | util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack. | |
| CVE-2017-9988 | Med | 0.42 | 6.5 | 0.01 | Jun 28, 2017 | The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c. | |
| CVE-2017-8782 | Med | 0.42 | 6.5 | 0.00 | May 31, 2017 | The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. | |
| CVE-2016-9266 | Med | 0.42 | 6.5 | 0.01 | Mar 23, 2017 | listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift. | |
| CVE-2017-16898 | Med | 0.36 | 5.5 | 0.00 | Nov 20, 2017 | The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264. | |
| CVE-2017-11734 | Med | 0.36 | 5.5 | 0.00 | Jul 29, 2017 | A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11733 | Med | 0.36 | 5.5 | 0.00 | Jul 29, 2017 | A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11732 | Med | 0.36 | 5.5 | 0.00 | Jul 29, 2017 | A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11731 | Med | 0.36 | 5.5 | 0.00 | Jul 29, 2017 | An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11730 | Med | 0.36 | 5.5 | 0.00 | Jul 29, 2017 | A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11729 | Med | 0.36 | 5.5 | 0.00 | Jul 29, 2017 | A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2017-11728 | Med | 0.36 | 5.5 | 0.00 | Jul 29, 2017 | A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file. | |
| CVE-2016-9265 | Med | 0.36 | 5.5 | 0.00 | Mar 23, 2017 | The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp3 file. | |
| CVE-2016-9264 | Med | 0.36 | 5.5 | 0.00 | Mar 23, 2017 | Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mp3 file. |