Skip to main content

Libming CVE-2023-40781

MEDIUM
Out-of-bounds Write (CWE-787)
2023-08-28 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 28, 2023 - 22:15 nvd
MEDIUM 6.5

DescriptionNVD

Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.

AnalysisAI

Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. Affected products include: Libming.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2023-50628 CRITICAL POC
9.8 Dec 20

Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive

CVE-2020-11895 CRITICAL POC
9.1 Apr 19

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c. Rated

CVE-2020-11894 CRITICAL POC
9.1 Apr 19

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c. Rated

CVE-2019-16705 CRITICAL POC
9.1 Sep 23

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in lib

CVE-2023-36239 HIGH POC
8.8 Jun 22

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.

CVE-2023-31976 HIGH POC
8.8 May 09

libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_ut

CVE-2020-6628 HIGH POC
8.8 Jan 09

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. Rated high

CVE-2019-7582 HIGH POC
8.8 Feb 07

The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a

CVE-2019-7581 HIGH POC
8.8 Feb 07

The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified

CVE-2018-20429 HIGH POC
8.8 Dec 24

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability

CVE-2018-20428 HIGH POC
8.8 Dec 24

libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerabilit

CVE-2018-20427 HIGH POC
8.8 Dec 24

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability t

Share

CVE-2023-40781 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy