CVE-2017-8400

Name of the Vulnerable Software and Affected Versions SWFTools version 0.9.2

Description The issue is caused by an out-of-bounds write of heap data in the png load() function, which can be triggered by a malformed PNG file. This can lead to a denial of service (DoS) and potentially arbitrary code execution.

Recommendations For SWFTools version 0.9.2, consider avoiding the use of the png2swf tool with untrusted PNG files until a patch is available. As a temporary workaround, restrict the handling of PNG files to trusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.