126 matches found
CVE-2024-22919
swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.
CVE-2024-22562
swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c.
CVE-2024-22957
swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.
CVE-2024-22911
A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.
CVE-2024-22955
swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576.
CVE-2023-29950
swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c
CVE-2024-25165
A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.
CVE-2022-35100
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via gfxline_getbbox at /lib/gfxtools.c.
CVE-2022-35114
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via extractFrame at /readers/swf.c.
CVE-2021-42202
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service.
CVE-2022-35110
SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CVE-2022-35109
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.
CVE-2022-35107
SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c.
CVE-2021-42200
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.
CVE-2021-42198
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.
CVE-2022-35108
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
CVE-2021-42199
An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.
CVE-2022-35085
SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
CVE-2024-26337
swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.
CVE-2021-39583
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service.
CVE-2021-42195
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code Execution.
CVE-2022-35104
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::reset() at /xpdf/Stream.cc.
CVE-2022-35113
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c.
CVE-2017-8401
In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.
CVE-2021-42204
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution.
CVE-2022-35105
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via /bin/png2swf+0x552cea.
CVE-2017-8400
In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution.
CVE-2021-39593
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_DefineFontInfo() located in swftext.c. It allows an attacker to cause Denial of Service.
CVE-2021-42203
An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution.
CVE-2022-35106
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc.
CVE-2022-35111
SWFTools commit 772e55a2 was discovered to contain a stack overflow via __sanitizer::StackDepotNode::hash(__sanitizer::StackTrace const&) at /sanitizer_common/sanitizer_stackdepot.cpp.
CVE-2024-26334
swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.
CVE-2024-26335
swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.
CVE-2022-35087
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.
CVE-2024-26333
swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c.
CVE-2024-26339
swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.
CVE-2021-42196
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.
CVE-2017-1000187
In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()
CVE-2017-16797
In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified ot...
CVE-2021-42197
An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.
CVE-2022-35091
SWFTools commit 772e55a2 was discovered to contain a floating point exception (FPE) via DCTStream::readMCURow() at /xpdf/Stream.cc.ow()
CVE-2017-1000174
In SWFTools, an address access exception was found in swfdump swf_GetBits().
CVE-2017-16794
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png...
CVE-2017-16890
SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.
CVE-2021-39582
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function swf_GetPlaceObject() located in swfobject.c. It allows an attacker to cause code Execution.
CVE-2021-42201
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution.
CVE-2017-11096
When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.
CVE-2021-39554
An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function Lexer::Lexer() located in Lexer.cc. It allows an attacker to cause Denial of Service.
CVE-2021-39569
An issue was discovered in swftools through 20200710. A heap-buffer-overflow exists in the function OpAdvance() located in swfaction.c. It allows an attacker to cause code Execution.
CVE-2022-35092
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via convert_gfxline at /gfxpoly/convert.c.