Skip to main content

Swftools CVE-2024-26337

MEDIUM
2024-03-05 cve@mitre.org
4.3
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Mar 05, 2024 - 09:15 cve.org
MEDIUM 4.3

DescriptionCVE.org

swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.

AnalysisAI

swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. Affected products include: Swftools.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-40009 CRITICAL POC
9.8 Sep 20

SWFTools commit 772e55a was discovered to contain a heap-use-after-free via the function grow_unicode at /lib/ttf.c. Rat

CVE-2022-40008 CRITICAL POC
9.8 Sep 20

SWFTools commit 772e55a was discovered to contain a heap-buffer overflow via the function readU8 at /lib/ttf.c. Rated cr

CVE-2024-26339 CRITICAL POC
9.1 Mar 05

swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. Rated critica

CVE-2017-8400 HIGH POC
8.8 May 01

In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. Rated high

CVE-2017-11099 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono

CVE-2017-11098 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() funct

CVE-2017-11101 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocat

CVE-2017-11100 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSpr

CVE-2017-11097 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() fun

CVE-2017-11096 HIGH POC
8.8 Jul 07

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteF

CVE-2024-25165 HIGH POC
7.8 Feb 14

A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.

CVE-2024-22956 HIGH POC
7.8 Jan 19

swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/s

Share

CVE-2024-26337 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy