PT-2018-18901 · Libming · Libming
Fantasy7082 · Published 2018-04-01 · Updated 2019-04-10 · CVE-2018-9165
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libming versions prior to 0.4.8
Description
The issue arises from the pushdup function in util/decompile.c, which fails to perform a deep copy of a String at the top of the stack when ActionPushDuplicate is executed. This oversight makes the library susceptible to a NULL pointer dereference in getName, potentially allowing attackers to cause a denial of service by providing a crafted SWF file.
Recommendations
For versions prior to 0.4.8, update to version 0.4.8 or later to resolve the issue.
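The shallow-versus-deep duplicate described above, as a simplified C model added here for illustration (not libming's source). All type and function names are hypothetical, and the consumer that clears the string field after use is an assumption, since the page does not say how the shared String becomes NULL; the lookup is NULL-checked so the condition is reported instead of crashing.

```c
/* Simplified model of the flaw; not libming source. All names are hypothetical. */
#include <stdlib.h>
#include <string.h>

struct param { char *str; };                      /* stand-in for a pushed String */
struct entry { struct param *val; struct entry *next; };

static struct param *new_param(const char *s) {
    struct param *p = calloc(1, sizeof *p);
    if (!p || !(p->str = malloc(strlen(s) + 1))) abort();
    strcpy(p->str, s);
    return p;
}

static struct entry *push(struct entry *top, struct param *v) {
    struct entry *e = calloc(1, sizeof *e);
    if (!e) abort();
    e->val = v; e->next = top;
    return e;
}

/* Shallow duplicate: the new entry aliases the param of the old top. */
static struct entry *dup_shallow(struct entry *top) { return push(top, top->val); }
/* Deep duplicate: the new entry owns a private copy of the string. */
static struct entry *dup_deep(struct entry *top) { return push(top, new_param(top->val->str)); }

/* Assumed consumer: pops the top, releases its string and clears the field.
   The param struct itself is left allocated to keep the model short. */
static struct entry *pop_and_release(struct entry *top) {
    struct entry *next = top->next;
    free(top->val->str);
    top->val->str = NULL;
    free(top);
    return next;
}

/* NULL-checked name lookup: returns -1 where an unchecked one would crash. */
static long name_len(const struct entry *e) {
    return (e && e->val && e->val->str) ? (long)strlen(e->val->str) : -1;
}

/* Push "foo", duplicate, consume one copy, then look up the surviving entry. */
long surviving_name_len(int deep) {
    struct entry *s = push(NULL, new_param("foo"));
    s = deep ? dup_deep(s) : dup_shallow(s);
    s = pop_and_release(s);
    return name_len(s);
}
int main(void) { return (surviving_name_len(0) == -1 && surviving_name_len(1) == 3) ? 0 : 1; }
```

With the shallow duplicate the surviving entry's string is gone after the other copy is consumed; with the deep duplicate it is intact.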
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Libming