Libming: Security Vulnerabilities
Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.
CVSS Score: 9.1, EPSS Score: 0.004, Published: 2019-09-23
In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.
CVSS Score: 6.5, EPSS Score: 0.005, Published: 2019-06-26
Ming (aka libming) 0.4.8 has a "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.
CVSS Score: 8.8, EPSS Score: 0.005, Published: 2019-06-26
Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file.
CVSS Score: 6.5, EPSS Score: 0.005, Published: 2019-06-26
Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a.
CVSS Score: 8.8, EPSS Score: 0.002, Published: 2019-02-25
Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a.
CVSS Score: 8.8, EPSS Score: 0.003, Published: 2019-02-25
The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876.
CVSS Score: 8.8, EPSS Score: 0.003, Published: 2019-02-07
The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure.
CVSS Score: 8.8, EPSS Score: 0.003, Published: 2019-02-07
An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts.
CVSS Score: 6.5, EPSS Score: 0.002, Published: 2019-01-02
A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx.
CVSS Score: 6.5, EPSS Score: 0.003, Published: 2018-12-30

