Libming 0.4.8 Denial Of Service
- Details
- Written by: khalil shreateh
- Category: Vulnerabilities
- Hits: 762
[CVE-2017-8782]Libming readString denial of service
================
CVE ID : CVE-2017-8782
Author :
[CVE-2017-8782]Libming readString denial of service
================
CVE ID : CVE-2017-8782
Author : qflb.wu
===============
Introduction:
=============
Ming is a Flash (SWF) output library. It can be used from PHP, Perl, Ruby, Python, C, C++, Java, and probably more on the way.
Affected version:
=====
0.4.8
Vulnerability Description:
==========================
the readString function in util/read.c and util/old/read.c in libming 0.4.8 can cause a denial of service via a large file via listswf listaction etc
char *readString(FILE *f)
{
int len = 0, buflen = 256;
char c, *buf, *p;
buf = (char *)malloc(sizeof(char)*256);
p = buf;
while((c=(char)readUInt8(f)) != '