The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
swftools swftools 0.9.2 |