An issue found in libming v.0.4.8 allows a local malicious user to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file.
libming libming 0.4.8