SWFTools Multiple Integer Overflow Vulnerabilities Network Vulnerability

Summary

This host is installed with SWFTools and is prone to multiple integer overflow vulnerabilities.

Impact

Successful exploitation will allow remote attackers to cause a heap-based buffer overflow via specially crafted JPEG and PNG images. Impact Level: Application.

Solution

Upgrade to version 0.9.2 or later, For updates refer to http://www.swftools.org/download.html

Insight

The flaws are due to an error within the 'getPNG()' function in 'lib/png.c' and 'jpeg_load()' function in 'lib/jpeg.c'.

Affected

SWFTools version 0.9.1 and prior.

References

http://secunia.com/advisories/39970
http://secunia.com/secunia_research/2010-80/
http://www.securityfocus.com/archive/1/archive/1/513102/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1516
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cscope putstring Multiple Buffer Overflow vulnerability
Adobe Reader '/Registry' and '/Ordering' Buffer Overflow Vulnerability (Win)
Bopup Communication Server Remote Buffer Overflow Vulnerability
Alleycode HTML Editor Buffer Overflow Vulnerabilities
Apple QuickTime Multiple Buffer Overflow Vulnerabilities (Windows)

Take action and discover your vulnerabilities