Stack Buffer Underflow Vulnerability in swftools by Matthias Kramm
CVE-2024-22955

7.8HIGH

Key Information:

Vendor: Swftools
Vendor: CVE Published:; 19 January 2024

What is CVE-2024-22955?

The vulnerability present in swftools version 0.9.2 arises from a stack buffer underflow issue detected in the function parseExpression located at swftools/src/swfc.c:2576. This deficiency could potentially be exploited to impact the execution flow of the application, leading to undefined behavior. Users and organizations utilizing swftools 0.9.2 should be aware of this vulnerability and consider applying security measures to mitigate any associated risks.

References

https://github.com/matthiaskramm/swftools/issues/207

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 19, 2024
Vulnerability Reserved
Jan 11, 2024

Swftools

What is CVE-2024-22955?

References

CVSS V3.1

Timeline