PT-2023-12144 · Libming · Libming

Radon10043

Published

2023-05-09

Updated

2023-05-15

CVE-2021-31240

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libming version 0.4.8

Description The issue allows a local attacker to execute arbitrary code via the parseSWF IMPORTASSETS function in the parser.c file. This enables the attacker to potentially gain control over the system.

Recommendations For libming version 0.4.8, consider disabling the parseSWF IMPORTASSETS function as a temporary workaround until a patch is available. Restrict access to the parser.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

CVE-2021-31240

Affected Products

Libming

PT-2023-12144 · Libming · Libming

CVE-2021-31240

Weakness Enumeration

Related Identifiers

Affected Products

References · 8