In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.