Libming: >> Libming >> 0.4.8 Security Vulnerabilities
In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-01-05
The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.
CVSS Score
5.5
EPSS Score
0.001
Published
2017-11-20
The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.
CVSS Score
6.5
EPSS Score
0.003
Published
2017-11-18
The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack against parser.c.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-06-28
util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A crafted input will lead to a remote denial of service (NULL pointer dereference) attack.
CVSS Score
6.5
EPSS Score
0.006
Published
2017-06-28
The readString function in util/read.c and util/old/read.c in libming 0.4.8 allows remote attackers to cause a denial of service via a large file that is mishandled by listswf, listaction, etc. This occurs because of an integer overflow that leads to a memory allocation error.
CVSS Score
6.5
EPSS Score
0.004
Published
2017-05-31
Page 10