Vulnerabilities > Swftools
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-17 | CVE-2017-16868 | NULL Pointer Dereference vulnerability in Swftools 0.9.2 In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file. | 5.5 |
| 2017-11-17 | CVE-2017-1000187 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, an address access exception was found in pdf2swf. | 7.8 |
| 2017-11-17 | CVE-2017-1000186 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, a stack overflow was found in pdf2swf. | 5.5 |
| 2017-11-17 | CVE-2017-1000185 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, a memcpy buffer overflow was found in gif2swf. | 5.5 |
| 2017-11-17 | CVE-2017-1000182 | Missing Release of Resource after Effective Lifetime vulnerability in Swftools In SWFTools, a memory leak was found in wav2swf. | 5.5 |
| 2017-11-17 | CVE-2017-1000176 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, a memcpy buffer overflow was found in swfc. | 5.5 |
| 2017-11-17 | CVE-2017-1000174 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools In SWFTools, an address access exception was found in swfdump swf_GetBits(). | 5.5 |
| 2017-11-12 | CVE-2017-16797 | Integer Overflow or Wraparound vulnerability in Swftools 0.9.2 In SWFTools 0.9.2, the png_load function in lib/png.c does not properly validate an alloclen_64 multiplication of width and height values, which allows remote attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and application crash) or possibly have unspecified other impact via a crafted PNG file. | 7.8 |
| 2017-11-12 | CVE-2017-16796 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Swftools 0.9.2 In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors involving an IDAT tag in a crafted PNG file. | 7.8 |
| 2017-11-12 | CVE-2017-16794 | Out-of-bounds Read vulnerability in Swftools 0.9.2 The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf. | 5.5 |