CVE-2024-28458

Name of the Vulnerable Software and Affected Versions swftools version 0.9.2

Description The issue allows attackers to crash the application via the function compileSWFActionCode in action/actioncompiler.c. This is due to a Null Pointer Dereference vulnerability in the swfdump component of swftools.

Recommendations For swftools version 0.9.2, consider disabling the compileSWFActionCode function as a temporary workaround until a patch is available. Restrict access to the swfdump component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.