Cxlzffo

**Name of the Vulnerable Software and Affected Versions** swftools versions prior to 20201223 **Description** An issue exists in the function handleEditText() located in swfdump.c, allowing a heap-buffer-overflow. This enables an attacker to cause code execution. **Recommendations** For versions prior to 20201223, update to a version newer than 20201222 to resolve the issue. As a temporary workaround, consider restricting access to the handleEditText() function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** swftools versions 20201222 and earlier **Description** An issue was discovered in swftools that allows an attacker to cause code execution through a memory leak when swfdump is used. **Recommendations** For versions 20201222 and earlier, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** swftools versions through 20201222 **Description** An issue exists in the function `swf FontExtract DefineTextCallback()` located in `swftext.c`, allowing an attacker to cause code execution due to a heap-use-after-free. **Recommendations** For versions through 20201222, consider disabling the `swf FontExtract DefineTextCallback()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** swftools versions through 20201222 **Description** An issue exists in the function `swf GetBits()` located in `rfxswf.c`, which allows an attacker to cause code execution due to a heap-buffer-overflow. **Recommendations** For versions through 20201222, consider disabling the `swf GetBits()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.