PT-2017-18322 · Swftools · Swftools
Chunibalon
·
Publicado
2017-05-01
·
Atualizado
2017-05-12
·
CVE-2017-8401
CVSS v3.1
6.5
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
SWFTools version 0.9.2
Description
The issue is caused by an out-of-bounds read of heap data in the
png load() function, which can be triggered by a malformed PNG file. This can lead to a denial of service (DoS) and can be exploited by attackers.Recommendations
For SWFTools version 0.9.2, consider avoiding the use of the
png2swf tool with untrusted PNG files until a patch is available. As a temporary workaround, restrict the handling of PNG files to trusted sources to minimize the risk of exploitation.Exploit
Correção
Out of bounds Read
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Swftools