Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-8807

Published: 20/03/2018 Updated: 12/04/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

In libming 0.4.8, these is a use-after-free in the function decompileCALLFUNCTION of decompile.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file.

Vulnerable Product Search on Vulmon Subscribe to Product

libming libming 0.4.8

Github Repositories

https://github.com/SaFuzztool/SAFuzz

The prototype of SAFuzz

SAFuzz This is the repo of Multiple Targets Directed Greybox Fuzzing: From Reachable to Exploited safuzz |-- LICENSE |-- READMEmd |-- fuzz | |-- afl-fuzzc ---------- fuzzer |-- gllvm ---------- gllvm compiler | |-- gclang | |-- gclang++ | |-- get-bc | |-- gparse | `-- gsanity-check `-- instrument |-- envsh ---------- Required enviro

https://github.com/cuhk-seclab/SelectFuzz

Installation: Manual installation Run export AFLGO=selectfuzz_installation_dir Under folder selectfuzz: make clean all Under folder selectfuzz/llvm-mode: make clean all, error message "recipe for target 'test_build' failed" can be ignored Docker (Recommended) Alternatively, you can use our provided docker image We have installed all required dependencies

https://github.com/choi0316/directed_fuzzing

directed_fuzzing mjs mjs_mk_string base: 0x1320 target function add, name : 0x1b103,mjs_mk_string CVE-2016-9827(listswf) _iprintf function in outputtxtc base: 0x2240 target function add, name : 0x236d,_iprintf CVE-2017-7578(swftophp) parseSWF_RGBA in parserc base: 0x2250 target function add, name : 0x115c7,parseSWF_RGBA objdump-CVE-2017-8392 _bfd_dwarf2_find_nearest_line bas

References

CWE-416https://github.com/libming/libming/issues/129https://nvd.nist.govhttps://github.com/SaFuzztool/SAFuzz
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710arbitrary CVE-2024-5272CVE-2024-2961brute forceremoteCVE-2024-32944CVE-2024-36241CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook