libming: memory leak in parseSWF_SHAPEWITHSTYLE


Ming is a library for generating Macromedia Flash files (.swf), written in C, and includes useful utilities for working with .swf files.

A memory leak vulnerability was found in function parseSWF_SHAPEWITHSTYLE in parser.c, which allows attackers to cause a denial of service via a crafted file.

#listswf $FILE

Direct leak of 576 byte(s) in 1 object(s) allocated from:
    #0 0x4e004d in realloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/
    #1 0x5bf458 in parseSWF_SHAPEWITHSTYLE /home/haojun/Downloads/libming-master/util/parser.c:882:49
    #2 0x5d7315 in parseSWF_DEFINESHAPE3 /home/haojun/Downloads/libming-master/util/parser.c:2259:3

Direct leak of 410 byte(s) in 1 object(s) allocated from:
    #0 0x4e004d in realloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/
    #1 0x543350 in cws2fws /home/haojun/Downloads/libming-master/util/main.c:111:15
    #2 0x5444c6 in readMovieHeader /home/haojun/Downloads/libming-master/util/main.c:198:18
    #3 0x5444c6 in main /home/haojun/Downloads/libming-master/util/main.c:346
    #4 0x7f8b1e9e3b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274


3020 byte(s) leaked in 12 allocation(s).

Affected version: latest version
Fixed version: N/A
Commit fix: N/A
Credit: ADLab of Venustech.
2017-06-07: bug discovered and reported to the libming GitHub issue page
2017-07-24: blog post about the issue
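
An added example, not part of the original post or of libming: a short Python triage pass over the LeakSanitizer report above. It attributes each leak to its first frame outside the sanitizer/libc runtime and checks how much of the summary total the listed stacks account for. The report text is copied from this post; the runtime path hints are an assumption.

```python
import re

# Report text copied from the post above (the truncated asan path is kept as-is).
REPORT = """\
Direct leak of 576 byte(s) in 1 object(s) allocated from:
    #0 0x4e004d in realloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/
    #1 0x5bf458 in parseSWF_SHAPEWITHSTYLE /home/haojun/Downloads/libming-master/util/parser.c:882:49
    #2 0x5d7315 in parseSWF_DEFINESHAPE3 /home/haojun/Downloads/libming-master/util/parser.c:2259:3

Direct leak of 410 byte(s) in 1 object(s) allocated from:
    #0 0x4e004d in realloc /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/
    #1 0x543350 in cws2fws /home/haojun/Downloads/libming-master/util/main.c:111:15
    #2 0x5444c6 in readMovieHeader /home/haojun/Downloads/libming-master/util/main.c:198:18
    #3 0x5444c6 in main /home/haojun/Downloads/libming-master/util/main.c:346
    #4 0x7f8b1e9e3b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274

3020 byte(s) leaked in 12 allocation(s).
"""
HEADER = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (\S+) (\S+)")
TOTAL = re.compile(r"^(?:SUMMARY: \S+ )?(\d+) byte\(s\) leaked in (\d+) allocation\(s\)")
RUNTIME_HINTS = ("/compiler-rt/", "/glibc", "libc-start")  # assumption: frames to skip

def triage(report):
    """Return (leaks, total_bytes, total_allocs); each leak names its first project frame."""
    leaks, total = [], (None, None)
    for line in report.splitlines():
        if m := HEADER.match(line):
            leaks.append({"kind": m[1], "bytes": int(m[2]), "objects": int(m[3]), "site": None})
        elif (m := FRAME.match(line)) and leaks and leaks[-1]["site"] is None:
            func, loc = m[2], m[3]
            if not any(hint in loc for hint in RUNTIME_HINTS):
                leaks[-1]["site"] = (func, loc.rsplit("/", 1)[-1])  # keep file:line:col only
        elif m := TOTAL.match(line):
            total = (int(m[1]), int(m[2]))
    return leaks, total[0], total[1]

def unexplained(report):
    """Bytes and allocations in the summary line that no listed stack accounts for."""
    leaks, total_bytes, total_allocs = triage(report)
    return (total_bytes - sum(l["bytes"] for l in leaks),
            total_allocs - sum(l["objects"] for l in leaks))

if __name__ == "__main__":
    for leak in triage(REPORT)[0]:
        print(leak)
    print("not covered by the listed stacks:", unexplained(REPORT))
```

A non-zero result from `unexplained` means the pasted report is an excerpt, so the remaining allocation sites need the full sanitizer log before a fix can be judged complete.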


