Heap-Buffer Overflow Vulnerability in SWFTools by Matthias Kramm
CVE-2022-35081

5.5MEDIUM

Key Information:

Vendor: Swftools
Status: Swftools
Vendor: CVE Published:; 13 October 2022

What is CVE-2022-35081?

A heap-buffer overflow vulnerability exists in SWFTools that could be triggered by processing specially crafted PNG files. Specifically, the issue is caused by inadequate memory validation in the png_read_header function within the src/png2swf.c source file. This flaw can lead to potential memory corruption, allowing attackers to execute arbitrary code or cause a denial-of-service condition by manipulating the input data. Users of vulnerable SWFTools versions need to address this issue promptly to mitigate risks associated with malicious PNG files.

References

https://github.com/matthiaskramm/swftools/issues/183

https://github.com/Cvjark/Poc/blob/main/swftools/png2swf/...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2022
Vulnerability Reserved
Jul 4, 2022

Swftools

What is CVE-2022-35081?

References

CVSS V3.1

Timeline