CVE-2017-16711

Name of the Vulnerable Software and Affected Versions SWFTools version 0.9.2

Description The issue is related to the swf DefineLosslessBitsTagToImage function in lib/modules/swfbits.c, which mishandles an uncompress failure. This can be exploited by remote attackers to cause a denial of service, resulting in a NULL pointer dereference and application crash. The issue is linked to the extractDefinitions function in lib/readers/swf.c and the fill line bitmap function in lib/devices/render.c.

Recommendations For SWFTools version 0.9.2, consider applying a patch or fix that addresses the uncompress failure handling in the swf DefineLosslessBitsTagToImage function to prevent the denial of service. As a temporary workaround, restrict the use of the swfrender tool to minimize the risk of exploitation.