libming: invalid memory read in OpCode


Ming is a library for generating Macromedia Flash files (.swf), written in C, and includes useful utilities for working with .swf files.

An invalid memory read vulnerability was found in the function OpCode in decompile.c, which allows attackers to cause a denial of service via a crafted file.

#swftocxx $FILE out
SEGV on unknown address 0x60dffffffff0 (pc 0x000000566254 bp 0x2028656c696877 sp 0x7ffda7ccab50 T0)
==20555==The signal is caused by a READ memory access.
    #0 0x566253 in OpCode /home/haojun/Downloads/libming-master/util/decompile.c:868:37
    #1 0x566253 in isLogicalOp /home/haojun/Downloads/libming-master/util/decompile.c:1193
    #2 0x566253 in decompileIF /home/haojun/Downloads/libming-master/util/decompile.c:2332
    #3 0x5875eb in decompileActions /home/haojun/Downloads/libming-master/util/decompile.c:3401:6
    #4 0x5875eb in decompile5Action /home/haojun/Downloads/libming-master/util/decompile.c:3423
    #5 0x52a0c5 in outputSWF_DOACTION /home/haojun/Downloads/libming-master/util/outputscript.c:1548:29
    #6 0x531311 in readMovie /home/haojun/Downloads/libming-master/util/main.c:277:4
    #7 0x531311 in main /home/haojun/Downloads/libming-master/util/main.c:350
    #8 0x7f1829051b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
    #9 0x41ae7b in _start (/home/haojun/Downloads/libming-afl-build/bin/swftocxx+0x41ae7b)

SEGV /home/haojun/Downloads/libming-master/util/decompile.c:868:37 in OpCode
Affected version: latest version
Fixed version: N/A
Commit fix: N/A
Credit: ADLab of Venustech.
2017-06-07: bug discovered and reported to the libming GitHub issue page
2017-07-24: blog post about the issue


