Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c.
7.6AI Score
0.024EPSS
5.5CVSS
5.4AI Score
0.001EPSS
5.5CVSS
5.7AI Score
0.001EPSS
5.5CVSS
5.4AI Score
0.001EPSS
5.5CVSS
5.7AI Score
0.001EPSS
5.5CVSS
5.6AI Score
0.001EPSS
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()
7.8CVSS
7.5AI Score
0.001EPSS
When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.
7.5CVSS
7.4AI Score
0.001EPSS
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.
8.8CVSS
8.4AI Score
0.002EPSS
When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.
8.8CVSS
8.4AI Score
0.002EPSS
When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.
8.8CVSS
8.4AI Score
0.002EPSS
When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.
8.8CVSS
8.4AI Score
0.002EPSS
When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.
8.8CVSS
8.4AI Score
0.002EPSS
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.
8.8CVSS
8.4AI Score
0.002EPSS
The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bit...
5.5CVSS
5.4AI Score
0.001EPSS
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
7.8CVSS
8.1AI Score
0.002EPSS
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png...
5.5CVSS
5.5AI Score
0.001EPSS
In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file...
7.8CVSS
8AI Score
0.002EPSS
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified ot...
7.8CVSS
8.1AI Score
0.002EPSS
In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.
5.5CVSS
5.5AI Score
0.001EPSS
SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.
5.5CVSS
5.4AI Score
0.001EPSS
A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf 3.02.
7.8CVSS
8AI Score
0.008EPSS
In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution.
8.8CVSS
8.9AI Score
0.004EPSS
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.
6.5CVSS
7.2AI Score
0.001EPSS
SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS (Access Violat...
6.5CVSS
6.4AI Score
0.001EPSS
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV starting at image00000000_00400000+0x000000000001b72a."
8.8CVSS
8.8AI Score
0.008EPSS
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
8.8CVSS
8.8AI Score
0.008EPSS
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b596."
8.8CVSS
9AI Score
0.004EPSS
In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to a "Read Access Violation starting at image00000000_00400000+0x000000000001b5fe."
8.8CVSS
9AI Score
0.004EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in gmem.cc. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function Lexer::Lexer() located in Lexer.cc. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D0() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D1() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function copyString() located in gmem.cc. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function VectorGraphicOutputDev::drawGeneralImage() located in VectorGraphicOutputDev.cc. It allows an attacker to cause code Execution.
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function GString::~GString() located in GString.cc. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A stack-buffer-overflow exists in the function Gfx::opSetFillColorN() located in Gfx.cc. It allows an attacker to cause code Execution.
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function FileStream::makeSubStream() located in Stream.cc. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause code Execution.
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in swfaction.c. It allows an attacker to cause code Execution.
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function pool_read() located in pool.c. It allows an attacker to cause code Execution.
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function dump_method() located in abc.c. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function main() located in swfdump.c. It allows an attacker to cause code Execution.
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function string_hash() located in q.c. It allows an attacker to cause code Execution.
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_GetPlaceObject() located in swfobject.c. It allows an attacker to cause code Execution.
7.8CVSS
7.5AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() located in pool.c. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located in abc.c. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpABC() located in abc.c. It allows an attacker to cause Denial of Service.
5.5CVSS
5.3AI Score
0.001EPSS