libming Ming Ming is a library for generating Macromedia Flash files (.swf), written in C

Do you want an email whenever new security vulnerabilities are reported in libming Ming?

By the Year

In 2024 there have been 4 vulnerabilities in libming Ming with an average score of 6.5 out of ten. Last year Ming had 9 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Ming in 2024 could surpass last years number. Last year, the average CVE base score was greater by 0.80

Year	Vulnerabilities	Average Score
2024	4	6.50
2023	9	7.30
2022	2	6.50
2021	0	0.00
2020	4	8.38
2019	5	7.48
2018	42	7.37

It may take a day or so for new Ming vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent libming Ming Security Vulnerabilities

A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8

CVE-2024-24146 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.

Memory Leak

A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8

CVE-2024-24147 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause s denial of service via a crafted SWF file.

Memory Leak

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8

CVE-2024-24149 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

Memory Leak

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8

CVE-2024-24150 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.

Memory Leak

Buffer Overflow vulnerability in libming version 0.4.8

CVE-2023-50628 9.8 - Critical - December 20, 2023

Buffer Overflow vulnerability in libming version 0.4.8, allows attackers to execute arbitrary code and obtain sensitive information via parser.c component.

Classic Buffer Overflow

Buffer Overflow vulnerability in Libming Libming v.0.4.8

CVE-2023-40781 6.5 - Medium - August 28, 2023

Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function.

Memory Corruption

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.

CVE-2023-36239 8.8 - High - June 22, 2023

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.

Classic Buffer Overflow

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8

CVE-2023-30083 5.5 - Medium - May 09, 2023

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c.

Classic Buffer Overflow

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8

CVE-2023-30085 5.5 - Medium - May 09, 2023

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c.

Classic Buffer Overflow

An issue found in libming swftophp v.0.4.8

CVE-2023-30084 5.5 - Medium - May 09, 2023

An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c.

Out-of-bounds Read

An issue found in libming v.0.4.8

CVE-2021-31240 7.8 - High - May 09, 2023

An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file.

Memory Leak

libming v0.4.8 was discovered to contain a stack buffer overflow

CVE-2023-31976 8.8 - High - May 09, 2023

libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c.

Memory Corruption

libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow

CVE-2022-44232 7.5 - High - April 26, 2023

libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427.

Classic Buffer Overflow

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check

CVE-2021-44591 6.5 - Medium - January 06, 2022

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file.

Allocation of Resources Without Limits or Throttling

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c

CVE-2021-44590 6.5 - Medium - January 06, 2022

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability.

Allocation of Resources Without Limits or Throttling

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c.

CVE-2020-11895 9.1 - Critical - April 19, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c.

Out-of-bounds Read

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.

CVE-2020-11894 9.1 - Critical - April 19, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.

Out-of-bounds Read

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c.

CVE-2020-6629 6.5 - Medium - January 09, 2020

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c.

NULL Pointer Dereference

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.

CVE-2020-6628 8.8 - High - January 09, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.

Out-of-bounds Read

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.

CVE-2019-16705 9.1 - Critical - September 23, 2019

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.

Out-of-bounds Read

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.

CVE-2019-12981 8.8 - High - June 26, 2019

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.

Buffer Overflow

In Ming (aka libming) 0.4.8

CVE-2019-12980 6.5 - Medium - June 26, 2019

In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

Integer Overflow or Wraparound

Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a

CVE-2019-12982 6.5 - Medium - June 26, 2019

Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file.

Buffer Overflow

An issue was discovered in libming 0.4.8

CVE-2019-3572 6.5 - Medium - January 02, 2019

An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts.

Out-of-bounds Read

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8

CVE-2018-20591 6.5 - Medium - December 30, 2018

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx.

Out-of-bounds Read

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file

CVE-2018-20429 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165.

NULL Pointer Dereference

libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file

CVE-2018-20428 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874.

NULL Pointer Dereference

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file

CVE-2018-20427 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132.

NULL Pointer Dereference

libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file

CVE-2018-20426 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866.

NULL Pointer Dereference

libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.

CVE-2018-20425 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.

NULL Pointer Dereference

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12

CVE-2018-15871 6.5 - Medium - August 25, 2018

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Buffer Overflow

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12

CVE-2018-15870 6.5 - Medium - August 25, 2018

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Buffer Overflow

In libming 0.4.8

CVE-2018-13251 6.5 - Medium - July 05, 2018

In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

Resource Exhaustion

libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT

CVE-2018-13250 6.5 - Medium - July 05, 2018

libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

NULL Pointer Dereference

There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service

CVE-2018-13066 7.5 - High - July 02, 2018

There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE.

Missing Release of Resource after Effective Lifetime

The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11226 8.8 - High - May 17, 2018

The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

Buffer Overflow

The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11225 8.8 - High - May 17, 2018

The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

Buffer Overflow

The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11100 8.8 - High - May 15, 2018

The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

Buffer Overflow

The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11095 8.8 - High - May 15, 2018

The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

Buffer Overflow

The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11017 8.8 - High - May 13, 2018

The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact.

Buffer Overflow

The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may

CVE-2018-9165 6.5 - Medium - April 01, 2018

The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file.

NULL Pointer Dereference

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file

CVE-2018-9132 6.5 - Medium - March 30, 2018

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

NULL Pointer Dereference

In libming 0.4.8

CVE-2018-9009 8.8 - High - March 25, 2018

In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file.

Dangling pointer

In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free

CVE-2018-8962 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

Dangling pointer

In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free

CVE-2018-8961 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

Dangling pointer

In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free

CVE-2018-8963 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

Dangling pointer

In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free

CVE-2018-8964 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

Dangling pointer

In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c

CVE-2018-8807 6.5 - Medium - March 20, 2018

In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

Dangling pointer

In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c

CVE-2018-8806 6.5 - Medium - March 20, 2018

In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c. Remote attackers could use this vulnerability to cause a denial-of-service via a crafted swf file.

Dangling pointer

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which

CVE-2018-7876 6.5 - Medium - March 08, 2018

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which allows remote attackers to cause a denial of service via a crafted file.

Resource Exhaustion

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8

CVE-2018-7866 6.5 - Medium - March 08, 2018

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

NULL Pointer Dereference

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf

CVE-2018-7867 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf. A Crafted input will lead to a denial of service attack.

Memory Corruption

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data

CVE-2018-7868 6.5 - Medium - March 08, 2018

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

Out-of-bounds Read

There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8

CVE-2018-7869 7.5 - High - March 08, 2018

There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack.

Missing Release of Resource after Effective Lifetime

An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data

CVE-2018-7870 6.5 - Medium - March 08, 2018

An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

NULL Pointer Dereference

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data

CVE-2018-7871 8.8 - High - March 08, 2018

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data. A crafted input will lead to a denial of service or possibly unspecified other impact.

Out-of-bounds Read

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data

CVE-2018-7872 6.5 - Medium - March 08, 2018

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

NULL Pointer Dereference

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data

CVE-2018-7873 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data. A Crafted input will lead to a denial of service attack.

Memory Corruption

An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8

CVE-2018-7874 6.5 - Medium - March 08, 2018

An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8. The vulnerability causes a segmentation fault and application crash, which leads to denial of service.

Buffer Overflow

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data

CVE-2018-7875 6.5 - Medium - March 08, 2018

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data. A Crafted input will lead to a denial of service attack.

Out-of-bounds Read

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data

CVE-2018-7877 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data. A Crafted input will lead to a denial of service attack.

Memory Corruption

The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may

CVE-2018-6359 8.8 - High - January 27, 2018

The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.

Dangling pointer

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may

CVE-2018-6358 8.8 - High - January 27, 2018

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may allow attackers to cause a denial of service or unspecified other impact via a crafted FDB file.

Memory Corruption

The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may

CVE-2018-6315 8.8 - High - January 25, 2018

The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may allow attackers to cause a denial of service or unspecified other impact via a crafted SWF file.

Integer Overflow or Wraparound

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c)

CVE-2018-5294 6.5 - Medium - January 08, 2018

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c). Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file.

Integer Overflow or Wraparound

In libming 0.4.8

CVE-2018-5251 6.5 - Medium - January 05, 2018

In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.

Incorrect Conversion between Numeric Types

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by libming? Click the Watch button to subscribe.

libming
Vendor

libming Ming
Ming is a library for generating Macromedia Flash files (.swf), written in C

libming Ming Ming is a library for generating Macromedia Flash files (.swf), written in C

By the Year

Recent libming Ming Security Vulnerabilities

A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 CVE-2024-24146 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 CVE-2024-24147 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 CVE-2024-24149 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 CVE-2024-24150 6.5 - Medium - February 29, 2024

Buffer Overflow vulnerability in libming version 0.4.8 CVE-2023-50628 9.8 - Critical - December 20, 2023

Buffer Overflow vulnerability in Libming Libming v.0.4.8 CVE-2023-40781 6.5 - Medium - August 28, 2023

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c. CVE-2023-36239 8.8 - High - June 22, 2023

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 CVE-2023-30083 5.5 - Medium - May 09, 2023

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 CVE-2023-30085 5.5 - Medium - May 09, 2023

An issue found in libming swftophp v.0.4.8 CVE-2023-30084 5.5 - Medium - May 09, 2023

An issue found in libming v.0.4.8 CVE-2021-31240 7.8 - High - May 09, 2023

libming v0.4.8 was discovered to contain a stack buffer overflow CVE-2023-31976 8.8 - High - May 09, 2023

libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow CVE-2022-44232 7.5 - High - April 26, 2023

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check CVE-2021-44591 6.5 - Medium - January 06, 2022

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c CVE-2021-44590 6.5 - Medium - January 06, 2022

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c. CVE-2020-11895 9.1 - Critical - April 19, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c. CVE-2020-11894 9.1 - Critical - April 19, 2020

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c. CVE-2020-6629 6.5 - Medium - January 09, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. CVE-2020-6628 8.8 - High - January 09, 2020

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. CVE-2019-16705 9.1 - Critical - September 23, 2019

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. CVE-2019-12981 8.8 - High - June 26, 2019

In Ming (aka libming) 0.4.8 CVE-2019-12980 6.5 - Medium - June 26, 2019

Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a CVE-2019-12982 6.5 - Medium - June 26, 2019

An issue was discovered in libming 0.4.8 CVE-2019-3572 6.5 - Medium - January 02, 2019

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8 CVE-2018-20591 6.5 - Medium - December 30, 2018

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file CVE-2018-20429 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file CVE-2018-20428 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file CVE-2018-20427 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file CVE-2018-20426 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file. CVE-2018-20425 8.8 - High - December 24, 2018

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12 CVE-2018-15871 6.5 - Medium - August 25, 2018

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12 CVE-2018-15870 6.5 - Medium - August 25, 2018

In libming 0.4.8 CVE-2018-13251 6.5 - Medium - July 05, 2018

libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT CVE-2018-13250 6.5 - Medium - July 05, 2018

There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service CVE-2018-13066 7.5 - High - July 02, 2018

The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which CVE-2018-11226 8.8 - High - May 17, 2018

The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which CVE-2018-11225 8.8 - High - May 17, 2018

The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which CVE-2018-11100 8.8 - High - May 15, 2018

The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which CVE-2018-11095 8.8 - High - May 15, 2018

The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which CVE-2018-11017 8.8 - High - May 13, 2018

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file CVE-2018-9132 6.5 - Medium - March 30, 2018

In libming 0.4.8 CVE-2018-9009 8.8 - High - March 25, 2018

In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free CVE-2018-8962 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free CVE-2018-8961 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free CVE-2018-8963 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free CVE-2018-8964 6.5 - Medium - March 23, 2018

In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c CVE-2018-8807 6.5 - Medium - March 20, 2018

In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c CVE-2018-8806 6.5 - Medium - March 20, 2018

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which CVE-2018-7876 6.5 - Medium - March 08, 2018

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8 CVE-2018-7866 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf CVE-2018-7867 6.5 - Medium - March 08, 2018

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data CVE-2018-7868 6.5 - Medium - March 08, 2018

There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8 CVE-2018-7869 7.5 - High - March 08, 2018

An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data CVE-2018-7870 6.5 - Medium - March 08, 2018

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data CVE-2018-7871 8.8 - High - March 08, 2018

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data CVE-2018-7872 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data CVE-2018-7873 6.5 - Medium - March 08, 2018

An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8 CVE-2018-7874 6.5 - Medium - March 08, 2018

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data CVE-2018-7875 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data CVE-2018-7877 6.5 - Medium - March 08, 2018

The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may CVE-2018-6359 8.8 - High - January 27, 2018

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may CVE-2018-6358 8.8 - High - January 27, 2018

The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may CVE-2018-6315 8.8 - High - January 25, 2018

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c) CVE-2018-5294 6.5 - Medium - January 08, 2018

In libming 0.4.8 CVE-2018-5251 6.5 - Medium - January 05, 2018

Stay on top of Security Vulnerabilities

libming Vendor

libming MingMing is a library for generating Macromedia Flash files (.swf), written in C

A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8

CVE-2024-24146 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8

CVE-2024-24147 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8

CVE-2024-24149 6.5 - Medium - February 29, 2024

A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8

CVE-2024-24150 6.5 - Medium - February 29, 2024

Buffer Overflow vulnerability in libming version 0.4.8

CVE-2023-50628 9.8 - Critical - December 20, 2023

Buffer Overflow vulnerability in Libming Libming v.0.4.8

CVE-2023-40781 6.5 - Medium - August 28, 2023

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.

CVE-2023-36239 8.8 - High - June 22, 2023

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8

CVE-2023-30083 5.5 - Medium - May 09, 2023

Buffer Overflow vulnerability found in Libming swftophp v.0.4.8

CVE-2023-30085 5.5 - Medium - May 09, 2023

An issue found in libming swftophp v.0.4.8

CVE-2023-30084 5.5 - Medium - May 09, 2023

An issue found in libming v.0.4.8

CVE-2021-31240 7.8 - High - May 09, 2023

libming v0.4.8 was discovered to contain a stack buffer overflow

CVE-2023-31976 8.8 - High - May 09, 2023

libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow

CVE-2022-44232 7.5 - High - April 26, 2023

In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check

CVE-2021-44591 6.5 - Medium - January 06, 2022

In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c

CVE-2021-44590 6.5 - Medium - January 06, 2022

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c.

CVE-2020-11895 9.1 - Critical - April 19, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c.

CVE-2020-11894 9.1 - Critical - April 19, 2020

Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c.

CVE-2020-6629 6.5 - Medium - January 09, 2020

Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.

CVE-2020-6628 8.8 - High - January 09, 2020

Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a.

CVE-2019-16705 9.1 - Critical - September 23, 2019

Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.

CVE-2019-12981 8.8 - High - June 26, 2019

In Ming (aka libming) 0.4.8

CVE-2019-12980 6.5 - Medium - June 26, 2019

Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a

CVE-2019-12982 6.5 - Medium - June 26, 2019

An issue was discovered in libming 0.4.8

CVE-2019-3572 6.5 - Medium - January 02, 2019

A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8

CVE-2018-20591 6.5 - Medium - December 30, 2018

libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file

CVE-2018-20429 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file

CVE-2018-20428 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file

CVE-2018-20427 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file

CVE-2018-20426 8.8 - High - December 24, 2018

libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file.

CVE-2018-20425 8.8 - High - December 24, 2018

An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12

CVE-2018-15871 6.5 - Medium - August 25, 2018

An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12

CVE-2018-15870 6.5 - Medium - August 25, 2018

In libming 0.4.8

CVE-2018-13251 6.5 - Medium - July 05, 2018

libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT

CVE-2018-13250 6.5 - Medium - July 05, 2018

There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service

CVE-2018-13066 7.5 - High - July 02, 2018

The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11226 8.8 - High - May 17, 2018

The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11225 8.8 - High - May 17, 2018

The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11100 8.8 - High - May 15, 2018

The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11095 8.8 - High - May 15, 2018

The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which

CVE-2018-11017 8.8 - High - May 13, 2018

libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file

CVE-2018-9132 6.5 - Medium - March 30, 2018

In libming 0.4.8

CVE-2018-9009 8.8 - High - March 25, 2018

In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free

CVE-2018-8962 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a use-after-free

CVE-2018-8961 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free

CVE-2018-8963 6.5 - Medium - March 23, 2018

In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free

CVE-2018-8964 6.5 - Medium - March 23, 2018

In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c

CVE-2018-8807 6.5 - Medium - March 20, 2018

In libming 0.4.8, there is a use-after-free in the decompileArithmeticOp function of decompile.c

CVE-2018-8806 6.5 - Medium - March 20, 2018

In libming 0.4.8, a memory exhaustion vulnerability was found in the function parseSWF_ACTIONRECORD in util/parser.c, which

CVE-2018-7876 6.5 - Medium - March 08, 2018

A NULL pointer dereference was discovered in newVar3 in util/decompile.c in libming 0.4.8

CVE-2018-7866 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 during a RegisterNumber sprintf

CVE-2018-7867 6.5 - Medium - March 08, 2018

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT8 data

CVE-2018-7868 6.5 - Medium - March 08, 2018

There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8

CVE-2018-7869 7.5 - High - March 08, 2018

An invalid memory address dereference was discovered in getString in util/decompile.c in libming 0.4.8 for CONSTANT16 data

CVE-2018-7870 6.5 - Medium - March 08, 2018

There is a heap-based buffer over-read in the getName function of util/decompile.c in libming 0.4.8 for CONSTANT16 data

CVE-2018-7871 8.8 - High - March 08, 2018

An invalid memory address dereference was discovered in the function getName in libming 0.4.8 for CONSTANT16 data

CVE-2018-7872 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for INTEGER data

CVE-2018-7873 6.5 - Medium - March 08, 2018

An invalid memory address dereference was discovered in strlenext in util/decompile.c in libming 0.4.8

CVE-2018-7874 6.5 - Medium - March 08, 2018

There is a heap-based buffer over-read in the getString function of util/decompile.c in libming 0.4.8 for CONSTANT8 data

CVE-2018-7875 6.5 - Medium - March 08, 2018

There is a heap-based buffer overflow in the getString function of util/decompile.c in libming 0.4.8 for DOUBLE data

CVE-2018-7877 6.5 - Medium - March 08, 2018

The decompileIF function (util/decompile.c) in libming through 0.4.8 is vulnerable to a use-after-free, which may

CVE-2018-6359 8.8 - High - January 27, 2018

The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 is vulnerable to a heap-based buffer overflow, which may

CVE-2018-6358 8.8 - High - January 27, 2018

The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming through 0.4.8 is vulnerable to an integer overflow and resultant out-of-bounds read, which may

CVE-2018-6315 8.8 - High - January 25, 2018

In libming 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the readUInt32 function (util/read.c)

CVE-2018-5294 6.5 - Medium - January 08, 2018

In libming 0.4.8

CVE-2018-5251 6.5 - Medium - January 05, 2018

libming
Vendor

libming Ming
Ming is a library for generating Macromedia Flash files (.swf), written in C