Cxlzf

**Name of the Vulnerable Software and Affected Versions** swftools versions prior to 20201223 **Description** An issue exists in the function traits parse() located in abc.c, allowing an attacker to cause Denial of Service due to a NULL pointer dereference. **Recommendations** For versions prior to 20201223, update to a version newer than 20201222 to resolve the issue. As a temporary workaround, consider restricting access to the traits parse() function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** swftools versions through 20201222 **Description** An issue exists in the function `swf FontExtract DefineTextCallback()` located in `swftext.c`, allowing an attacker to cause code execution due to a heap buffer overflow. **Recommendations** For versions through 20201222, consider disabling the `swf FontExtract DefineTextCallback()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** swftools versions through 20201222 **Description** An issue exists in the function main() located in swfdump.c, where a NULL pointer dereference allows an attacker to cause Denial of Service. **Recommendations** For swftools versions through 20201222, consider disabling the main() function in swfdump.c as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** swftools versions prior to 20201223 **Description** A heap-buffer-overflow issue exists in the `swf GetD64()` function located in rfxswf.c, allowing an attacker to cause code execution. **Recommendations** For versions prior to 20201223, update to a version released after 20201222 to resolve the issue. As a temporary workaround, consider restricting access to the `swf GetD64()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** swftools versions prior to 20201223 **Description** An issue exists in the function `swf DeleteFilter()` located in `swffilter.c`, allowing an attacker to cause Denial of Service due to a NULL pointer dereference. **Recommendations** For versions prior to 20201223, consider disabling the `swf DeleteFilter()` function as a temporary workaround until a patch is available.