Skip to main content

Libming CVE-2017-8782

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2017-05-31 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 31, 2017 - 04:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error.

AnalysisAI

The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error. Affected products include: Libming.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2023-50628 CRITICAL POC
9.8 Dec 20

Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive

CVE-2020-11895 CRITICAL POC
9.1 Apr 19

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c. Rated

CVE-2020-11894 CRITICAL POC
9.1 Apr 19

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c. Rated

CVE-2019-16705 CRITICAL POC
9.1 Sep 23

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in lib

CVE-2023-36239 HIGH POC
8.8 Jun 22

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.

CVE-2023-31976 HIGH POC
8.8 May 09

libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_ut

CVE-2020-6628 HIGH POC
8.8 Jan 09

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. Rated high

CVE-2019-7582 HIGH POC
8.8 Feb 07

The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a

CVE-2019-7581 HIGH POC
8.8 Feb 07

The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified

CVE-2018-20429 HIGH POC
8.8 Dec 24

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability

CVE-2018-20428 HIGH POC
8.8 Dec 24

libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerabilit

CVE-2018-20427 HIGH POC
8.8 Dec 24

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability t

Share

CVE-2017-8782 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy