Shodan
Vulnerabilities
Vulnerable Software
Swftools:  >> Swftools  Security Vulnerabilities
CVE-2017-1000176
In SWFTools, a memcpy buffer overflow was found in swfc.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000182
In SWFTools, a memory leak was found in wav2swf.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000185
In SWFTools, a memcpy buffer overflow was found in gif2swf.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000186
In SWFTools, a stack overflow was found in pdf2swf.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-11-17
CVE-2017-1000187
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()
CVSS Score
7.8
EPSS Score
0.002
Published
2017-11-17
CVE-2017-16796
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-11-12
CVE-2017-16797
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file.
CVSS Score
7.8
EPSS Score
0.003
Published
2017-11-12
CVE-2017-16793
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
CVSS Score
7.8
EPSS Score
0.002
Published
2017-11-12
CVE-2017-16794
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-11-12
CVE-2017-16711
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved