libming Ming Ming is a library for generating Macromedia Flash files (.swf), written in C

libming v0.4.8 Mem Leak via parseSWF_MORPHFILLSTYLES
CVE-2025-29497 - March 27, 2025

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function.

libming 0.4.8 segfault in decompileDUPLICATECLIP enables DoS
CVE-2025-29496 - March 27, 2025

libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

libming 0.4.8 DoS via decompileGETMEMBER segmentation fault
CVE-2025-29494 - March 27, 2025

libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

libming v0.4.8: DecompileGETPROPERTY SegFault DoS
CVE-2025-29493 - March 27, 2025

libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETPROPERTY function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

Segfault in libming v0.4.8 decompileSETVARIABLE
CVE-2025-29492 - March 27, 2025

libming v0.4.8 was discovered to contain a segmentation fault via the decompileSETVARIABLE function.

libming 0.48 DoS via parseSWF_DEFINEBINARYDATA allocation-size-too-big
CVE-2025-29491 - March 27, 2025

An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file.

libming 0.4.8 DoS via crafted SWF, segfault in decompileCALLMETHOD
CVE-2025-29490 - March 27, 2025

libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

Memory Leak in libming v0.4.8 via parseSWF_MORPHLINESTYLES
CVE-2025-29489 - March 27, 2025

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function.

Libming 0.4.8 Mem Leak via parseSWF_INITACTION
CVE-2025-29488 - March 27, 2025

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function.

DoS via OOM in parseABC_STRING_INFO of libming 0.4.8
CVE-2025-29487 - March 27, 2025

An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.

Memory Leak in libming v0.4.8 parseSWF_PLACEOBJECT3
CVE-2025-29486 - March 27, 2025

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function.

libming 0.4.8 Memory Leak via parseSWF_ENABLEDEBUGGER2
CVE-2025-29483 - March 27, 2025

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDEBUGGER2 function.

libming v0.4.8 DoS via parseABC_NS_SET_INFO OOM
CVE-2025-29484 - March 27, 2025

An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.

libming 0.4.8 DoS via decompileRETURN in SWF
CVE-2025-29485 - March 27, 2025

libming v0.4.8 was discovered to contain a segmentation fault via the decompileRETURN function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

Memory Leak in libming 0.4.8 parseSWF_EXPORTASSETS
CVE-2025-26304 - February 20, 2025

A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.

Memory Leak in libming v0.4.8 ClipActions Parser Causes DoS
CVE-2025-26311 - February 20, 2025

Multiple memory leaks have been identified in the clip actions parsing functions (parseSWF_CLIPACTIONS and parseSWF_CLIPACTIONRECORD) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted SWF file.

libming 0.4.8 Memory Leak in ABC Parser Enables DoS
CVE-2025-26310 - February 20, 2025

Multiple memory leaks have been identified in the ABC file parsing functions (parseABC_CONSTANT_POOL and `parseABC_FILE) in util/parser.c of libming v0.4.8, which allow attackers to cause a denial of service via a crafted ABC file.

Memory Leak in libming 0.4.8 parseSWF_DEFINESCENEANDFRAMEDATA DoS
CVE-2025-26309 - February 20, 2025

A memory leak has been identified in the parseSWF_DEFINESCENEANDFRAMEDATA function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.

Memory Leak in libming v0.4.8 parseSWF_FILTERLIST causes DoS
CVE-2025-26308 - February 20, 2025

A memory leak has been identified in the parseSWF_FILTERLIST function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.

libming v0.4.8: Mem Leak in parseSWF_IMPORTASSETS2 Enables DoS via SWF
CVE-2025-26307 - February 20, 2025

A memory leak has been identified in the parseSWF_IMPORTASSETS2 function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.

Memory Leak in libming 0.4.8 readSizedString causes DoS
CVE-2025-26306 - February 20, 2025

A memory leak has been identified in the readSizedString function in util/read.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted file.

libming 0.4.8 memory leak in parseSWF_SOUNDINFO causing DoS
CVE-2025-26305 - February 20, 2025

A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.

Mem Leak in parseSWF_TEXTRECORD of libming v0.4.8 (DoS)
CVE-2024-24150 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

Memory Leak

Libming v0.4.8 Memory Leak in parseSWF_DEFINEBUTTON Enables Denial of Service
CVE-2024-24146 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.

Memory Leak

Memory Leak in libming v0.4.8 parseSWF_FILLSTYLEARRAY causes DoS via crafted SWF
CVE-2024-24147 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.

Memory Leak

libming v0.4.8 Memory Leak DOS via parseSWF_GLYPHENTRY
CVE-2024-24149 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

Memory Leak

Memory Leak in libming v0.4.8 parseSWF_FREECHARACTER causes DoS via crafted SWF
CVE-2024-24148 - February 28, 2024

A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

Memory Leak in libming 0.4.8 ActionCompiler component
CVE-2024-25770 - February 26, 2024

libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.

Buffer Overflow in libming 0.4.8 parser.c Enables Exec
CVE-2023-50628 9.8 - Critical - December 20, 2023

Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component.

Classic Buffer Overflow

Buffer Overflow vulnerability in Libming Libming v.0.4.8
CVE-2023-40781 6.5 - Medium - August 28, 2023

Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.

Memory Corruption

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.
CVE-2023-36239 8.8 - High - June 22, 2023

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.

Classic Buffer Overflow

An issue found in libming v.0.4.8
CVE-2021-31240 7.8 - High - May 09, 2023

An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file.

Memory Leak

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8
CVE-2023-30083 5.5 - Medium - May 09, 2023

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c.

Classic Buffer Overflow

An issue found in libming swftophp v.0.4.8
CVE-2023-30084 5.5 - Medium - May 09, 2023

An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c.

Out-of-bounds Read

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8
CVE-2023-30085 5.5 - Medium - May 09, 2023

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.

Classic Buffer Overflow

libming v0.4.8 was discovered to contain a stack buffer overflow
CVE-2023-31976 8.8 - High - May 09, 2023

libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c.

Memory Corruption

libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow
CVE-2022-44232 7.5 - High - April 26, 2023

libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427.

Classic Buffer Overflow

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check
CVE-2021-44591 6.5 - Medium - January 06, 2022

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file.

Allocation of Resources Without Limits or Throttling

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c
CVE-2021-44590 6.5 - Medium - January 06, 2022

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability.

Allocation of Resources Without Limits or Throttling

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.
CVE-2020-11894 9.1 - Critical - April 19, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.

Out-of-bounds Read

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c.
CVE-2020-11895 9.1 - Critical - April 19, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c.

Out-of-bounds Read

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.
CVE-2020-6628 8.8 - High - January 09, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.

Out-of-bounds Read

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c.
CVE-2020-6629 6.5 - Medium - January 09, 2020

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c.

NULL Pointer Dereference

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.
CVE-2019-16705 9.1 - Critical - September 23, 2019

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.

Out-of-bounds Read

In Ming (aka libming) 0.4.8
CVE-2019-12980 6.5 - Medium - June 26, 2019

In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

Integer Overflow or Wraparound

Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a
CVE-2019-12982 6.5 - Medium - June 26, 2019

Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file.

Buffer Overflow

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.
CVE-2019-12981 8.8 - High - June 26, 2019

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.

Buffer Overflow

An issue was discovered in libming 0.4.8
CVE-2019-3572 6.5 - Medium - January 02, 2019

An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts.

Out-of-bounds Read

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8
CVE-2018-20591 6.5 - Medium - December 30, 2018

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx.

Out-of-bounds Read

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file
CVE-2018-20429 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.

NULL Pointer Dereference