libming:memory leak in cws2fws

Description

Ming is a library for generating Macromedia Flash files (.swf), written in C, and  for working includes useful utilities king with .swf files.

A memory leak vulnerability was found in function cws2fws in main.c, which allows attackers to cause a denial of service via a crafted file.

#listswf $FILE
=================================================================
Direct leak of 2363 byte(s) in 1 object(s) allocated from:
    #0 0x4dfc96 in malloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:66
    #1 0x5431b3 in cws2fws /home/haojun/Downloads/libming-master/util/main.c:101:13
    #2 0x5444c6 in readMovieHeader /home/haojun/Downloads/libming-master/util/main.c:198:18
    #3 0x5444c6 in main /home/haojun/Downloads/libming-master/util/main.c:346
    #4 0x7f0606636b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

Direct leak of 2360 byte(s) in 1 object(s) allocated from:
    #0 0x4e004d in realloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/asan_malloc_linux.cc:79
    #1 0x543350 in cws2fws /home/haojun/Downloads/libming-master/util/main.c:111:15
    #2 0x5444c6 in readMovieHeader /home/haojun/Downloads/libming-master/util/main.c:198:18
    #3 0x5444c6 in main /home/haojun/Downloads/libming-master/util/main.c:346
    #4 0x7f0606636b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

......
 8885 byte(s) leaked in 12 allocation(s).

Affected version: latest version
Fixed version:N/A
Commit fix:N/A
Credit: ADLab of Venustech.
CVE:N/A
Reproducer:
Timeline:
2017-06-07:bug discovered and reported to the libming GitHub issue page
2017-07-24:blog post about the issue
Permalink:
https://somevulnsofadlab.blogspot.com/2017/07/libmingmemory-leak-in-cws2fws.html

评论

此博客中的热门博文

qpdf:An infinite loop in libqpdf

qpdf:An infinite loop in libqpdf

qpdf:An infinite loop in libqpdf