CVE-2017-16796

Name of the Vulnerable Software and Affected Versions SWFTools version 0.9.2

Description The issue is related to the png load function in lib/png.c, which does not check the return value of a realloc call. This allows remote attackers to cause a denial of service, resulting in an invalid write and application crash, or possibly have other unspecified impacts. The attack vectors involve an IDAT tag in a crafted PNG file.

Recommendations For SWFTools version 0.9.2, consider applying a patch that checks the return value of the realloc call in the png load function to prevent potential crashes and other impacts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.