CVE-2025-26305

CVSS 8.2 HIGHEPSS 0.4%CWE-244

In short

A memory leak in libming's SWF file parser allows attackers to crash applications by sending specially crafted SWF files. This vulnerability can disrupt services that process SWF files without proper resource management.

Technical detail

The parseSWF_SOUNDINFO function in util/parser.c fails to properly release allocated memory when processing SWF SOUNDINFO structures, enabling a denial of service attack vector. An attacker can trigger memory exhaustion by submitting multiple or specially crafted SWF files, resulting in process termination or service unavailability.

Summary generated and translated by AI from the official description.

A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/libming/libming/issues/322