Shodan
Vulnerabilities
Vulnerable Software
Swftools:  >> Swftools  >> 0.9.2  Security Vulnerabilities
CVE-2017-16794
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.
CVSS Score
5.5
EPSS Score
0.002
Published
2017-11-12
CVE-2017-16711
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-11-09
CVE-2017-11096
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-07-07
CVE-2017-11097
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-07-07
CVE-2017-11098
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-07-07
CVE-2017-11099
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-07-07
CVE-2017-11100
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-07-07
CVE-2017-11101
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-07-07
CVE-2017-10976
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-07-06
CVE-2017-7698
A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02.
CVSS Score
7.8
EPSS Score
0.006
Published
2017-05-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved