Skip to main content

Swftools CVE-2021-39584

MEDIUM
NULL Pointer Dereference (CWE-476)
2021-09-20 cve@mitre.org
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 20, 2021 - 16:15 nvd
MEDIUM 5.5

DescriptionNVD

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() located in pool.c. It allows an attacker to cause Denial of Service.

AnalysisAI

An issue was discovered in swftools through 20200710. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() located in pool.c. It allows an attacker to cause Denial of Service. Affected products include: Swftools. Version information: through 20200710..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.

CVE-2022-40009 CRITICAL POC
9.8 Sep 20

SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c. Rat

CVE-2022-40008 CRITICAL POC
9.8 Sep 20

SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c. Rated cr

CVE-2024-26339 CRITICAL POC
9.1 Mar 05

swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. Rated critica

CVE-2017-8400 HIGH POC
8.8 May 01

In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. Rated high

CVE-2017-11099 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono

CVE-2017-11098 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() funct

CVE-2017-11101 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocat

CVE-2017-11100 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSpr

CVE-2017-11097 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() fun

CVE-2017-11096 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteF

CVE-2024-25165 HIGH POC
7.8 Feb 14

A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.

CVE-2024-22956 HIGH POC
7.8 Jan 19

swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/s

Share

CVE-2021-39584 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy