libming: invalid memory read in outputSWF_TEXT_RECORD

Description

Ming is a library for generating Macromedia Flash files (.swf), written in C, and includes useful utilities for working with .swf files.

An invalid memory read was found in function outputSWF_TEXT_RECORD in outputscript.c, which allows attackers to cause a denial of service via a crafted file.

#swftocxx $FILE out
=================================================================
SEGV on unknown address 0x00000000000c (pc 0x00000052876c bp 0x000000000000 sp 0x7ffcaa1a7620 T0)
==15250==The signal is caused by a READ memory access.
==15250==Hint: address points to the zero page.
    #0 0x52876b in outputSWF_TEXT_RECORD /home/haojun/Downloads/libming-master/util/outputscript.c:1429:13
    #1 0x52941d in outputSWF_DEFINETEXT2 /home/haojun/Downloads/libming-master/util/outputscript.c:1493:6
    #2 0x531311 in readMovie /home/haojun/Downloads/libming-master/util/main.c:277:4
    #3 0x531311 in main /home/haojun/Downloads/libming-master/util/main.c:350
    #4 0x7f086c2f7b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
    #5 0x41ae7b in _start (/home/haojun/Downloads/libming-afl-build/bin/swftocxx+0x41ae7b)

SEGV /home/haojun/Downloads/libming-master/util/outputscript.c:1429:13 in outputSWF_TEXT_RECORD
==15250==ABORTING
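
A triage sketch for the report above, added here as an example (it is not part of the original advisory or of libming). It parses the ASan SEGV header and the top frames, and flags a fault address inside the zero page as consistent with a NULL base pointer plus a small field offset, which matches the denial-of-service impact described. The 4 KiB page size, the function name triage and the bucket format are assumptions of this example.

```python
import re

# Excerpt of the ASan report above, embedded so the example runs offline.
SAMPLE_REPORT = """\
SEGV on unknown address 0x00000000000c (pc 0x00000052876c bp 0x000000000000 sp 0x7ffcaa1a7620 T0)
==15250==The signal is caused by a READ memory access.
    #0 0x52876b in outputSWF_TEXT_RECORD /home/haojun/Downloads/libming-master/util/outputscript.c:1429:13
    #1 0x52941d in outputSWF_DEFINETEXT2 /home/haojun/Downloads/libming-master/util/outputscript.c:1493:6
"""

PAGE_SIZE = 0x1000  # assumption: 4 KiB pages; lower addresses fall in the unmapped zero page

SEGV_RE = re.compile(r"SEGV on unknown address (0x[0-9a-fA-F]+) \(pc (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"caused by a (READ|WRITE) memory access")
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-fA-F]+ in (\S+) (\S+?):(\d+)(?::\d+)?\s*$", re.M)


def triage(report: str) -> dict:
    """Summarise an ASan SEGV report for bug triage (a heuristic, not a verdict)."""
    segv = SEGV_RE.search(report)
    if segv is None:
        raise ValueError("no ASan SEGV header found")
    addr = int(segv.group(1), 16)
    access = ACCESS_RE.search(report)
    # Keep (function, source file name, line) for every symbolised frame.
    frames = [(m.group(2), m.group(3).rsplit("/", 1)[-1], int(m.group(4)))
              for m in FRAME_RE.finditer(report)]
    near_null = addr < PAGE_SIZE
    if near_null:
        kind = "consistent with a NULL pointer dereference (NULL base + small offset)"
    else:
        kind = "wild pointer access, needs manual review"
    return {
        "fault_addr": addr,
        "access": access.group(1) if access else "UNKNOWN",
        "near_null": near_null,
        "kind": kind,
        "frames": frames,
        # Bucket on the top two frames so duplicate fuzzer crashes collapse together.
        "bucket": "|".join(f"{fn}@{src}:{line}" for fn, src, line in frames[:2]),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```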

Affected version: latest version
Fixed version: N/A
Commit fix: N/A
Credit: ADLab of Venustech.
CVE: N/A
Reproducer:
Timeline:
2017-06-07: bug discovered and reported to the libming GitHub issue page
2017-07-24: blog post about the issue
Permalink:
https://somevulnsofadlab.blogspot.com/2017/07/libminginvalid-memory-read-in.html
