RSS   Vulnerabilities for 'Libming'   RSS

2018-04-01
 
CVE-2018-9165

CWE-476
 

 
The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file.

 
2018-03-30
 
CVE-2018-9132

CWE-476
 

 
libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

 
2018-03-24
 
CVE-2018-9009

CWE-416
 

 
In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.

 
2018-03-23
 
CVE-2018-8964

CWE-416
 

 
In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

 
 
CVE-2018-8963

CWE-416
 

 
In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

 
 
CVE-2018-8962

CWE-416
 

 
In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

 
 
CVE-2018-8961

CWE-416
 

 
In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

 
2018-03-20
 
CVE-2018-8807

CWE-416
 

 
In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

 
 
CVE-2018-8806

CWE-416
 

 
In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file.

 
2018-03-08
 
CVE-2018-7877

CWE-119
 

 
There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

 


Copyright 2018, cxsecurity.com

 

Back to Top