Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of service (application crash) via a 1x1 JPEG image.
CVSS Score
5.0
EPSS Score
0.009
Published
2008-08-27
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
CVSS Score
4.3
EPSS Score
0.004
Published
2008-04-16