Swftools@0.9.2 Security Vulnerabilities and Issues — Swftools@0.9.2 CVE List

Lucene search

SwftoolsSwftools0.9.2

38 matches found

CVE•added 2024/01/19 6:15 p.m.•216 views

CVE-2024-22919

swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.

7.8CVSS7.6AI score0.00075EPSS

CVE•added 2024/01/19 3:15 p.m.•204 views

CVE-2024-22562

swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c.

7.8CVSS7.6AI score0.00075EPSS

CVE•added 2024/01/19 6:15 p.m.•200 views

CVE-2024-22957

swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.

5.5CVSS5.5AI score0.00053EPSS

CVE•added 2024/01/19 6:15 p.m.•197 views

CVE-2024-22911

A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.

7.8CVSS7.5AI score0.00075EPSS

CVE•added 2024/01/19 6:15 p.m.•196 views

CVE-2024-22955

swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576.

7.8CVSS7.6AI score0.00073EPSS

CVE•added 2023/04/27 8:15 p.m.•84 views

CVE-2023-29950

swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c

5.5CVSS5.8AI score0.00078EPSS

CVE•added 2024/02/14 8:15 p.m.•75 views

CVE-2024-25165

A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.

8.8CVSS6.8AI score0.00119EPSS

CVE•added 2024/03/05 9:15 a.m.•51 views

CVE-2024-26337

swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.

4.3CVSS7.2AI score0.00103EPSS

CVE•added 2024/03/05 9:15 a.m.•48 views

CVE-2024-26334

swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.

6.2CVSS7.2AI score0.00033EPSS

CVE•added 2024/03/05 9:15 a.m.•47 views

CVE-2024-26335

swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.

5.5CVSS7.2AI score0.00136EPSS

CVE•added 2024/03/05 8:15 a.m.•46 views

CVE-2024-26333

swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c.

5.5CVSS7.2AI score0.00033EPSS

CVE•added 2024/03/05 9:15 a.m.•46 views

CVE-2024-26339

swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.

9.1CVSS7.2AI score0.00157EPSS

CVE•added 2017/11/12 6:29 p.m.•43 views

CVE-2017-16797

In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified ot...

7.8CVSS8.1AI score0.00252EPSS

CVE•added 2017/11/12 5:29 a.m.•42 views

CVE-2017-16794

The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png...

5.5CVSS5.5AI score0.00202EPSS

CVE•added 2018/07/09 11:29 a.m.•42 views

CVE-2017-16890

SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.

5.5CVSS5.4AI score0.00165EPSS

CVE•added 2017/07/07 6:29 p.m.•41 views

CVE-2017-11096

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_DeleteFilter() function in lib/modules/swffilter.c.

8.8CVSS8.4AI score0.00349EPSS

CVE•added 2017/07/07 6:29 p.m.•40 views

CVE-2017-11099

When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to a Segmentation Violation in the wav_convert2mono() function in lib/wav.c.

8.8CVSS8.4AI score0.00407EPSS

CVE•added 2017/11/09 6:29 p.m.•39 views

CVE-2017-16711

The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bit...

5.5CVSS5.4AI score0.00443EPSS

CVE•added 2017/11/12 6:29 p.m.•39 views

CVE-2017-16796

In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file...

7.8CVSS8AI score0.00231EPSS

CVE•added 2017/11/17 9:29 a.m.•39 views

CVE-2017-16868

In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.

5.5CVSS5.5AI score0.00189EPSS

CVE•added 2024/01/19 6:15 p.m.•39 views

CVE-2024-22956

swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838

7.8CVSS7.6AI score0.00074EPSS

CVE•added 2017/07/07 6:29 p.m.•38 views

CVE-2017-11101

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swf_Relocate() function in lib/modules/swftools.c.

8.8CVSS8.4AI score0.00349EPSS

CVE•added 2023/03/23 2:15 a.m.•38 views

CVE-2023-27249

swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.

5.5CVSS5.8AI score0.00035EPSS

CVE•added 2024/04/11 9:15 p.m.•38 views

CVE-2024-28458

Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c.

7.5CVSS6.7AI score0.00211EPSS

CVE•added 2017/07/07 6:29 p.m.•37 views

CVE-2017-11100

When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead to a NULL Pointer Dereference in the swf_FoldSprite() function in lib/rxfswf.c.

8.8CVSS8.4AI score0.00349EPSS

CVE•added 2024/01/19 6:15 p.m.•37 views

CVE-2024-22915

A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.

7.8CVSS7.7AI score0.00084EPSS

CVE•added 2017/07/07 6:29 p.m.•36 views

CVE-2017-11097

When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a NULL Pointer Dereference in the dict_lookup() function in lib/q.c.

8.8CVSS8.4AI score0.00349EPSS

CVE•added 2017/07/07 6:29 p.m.•35 views

CVE-2017-11098

When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to a Segmentation Violation in the png_load() function in lib/png.c.

8.8CVSS8.4AI score0.00407EPSS

CVE•added 2017/11/12 5:29 a.m.•35 views

CVE-2017-16793

The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.

7.8CVSS8.1AI score0.00236EPSS

CVE•added 2023/02/24 2:15 a.m.•35 views

CVE-2022-46440

ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c.

5.5CVSS5.5AI score0.00023EPSS

CVE•added 2024/01/19 6:15 p.m.•35 views

CVE-2024-22913

A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.

7.8CVSS7.7AI score0.00068EPSS

CVE•added 2024/01/19 6:15 p.m.•35 views

CVE-2024-22914

A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.

5.5CVSS5.4AI score0.00052EPSS

CVE•added 2017/07/06 3:29 p.m.•34 views

CVE-2017-10976

When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c.

7.5CVSS7.4AI score0.00334EPSS

CVE•added 2023/04/04 3:15 p.m.•31 views

CVE-2023-26991

SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c.

7.8CVSS7.6AI score0.00033EPSS

CVE•added 2024/01/19 3:15 p.m.•31 views

CVE-2024-22920

swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.

7.8CVSS7.6AI score0.0007EPSS

CVE•added 2024/01/11 8:15 a.m.•30 views

CVE-2023-37644

SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c.

5.5CVSS5.6AI score0.00094EPSS

CVE•added 2024/01/19 6:15 p.m.•30 views

CVE-2024-22912

A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.

7.8CVSS7.7AI score0.00068EPSS

CVE•added 2025/06/19 6:15 p.m.•6 views

CVE-2025-6271

A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclo...

4.8CVSS4AI score0.00032EPSS