CVE-2025-26304

CVSS 8.2 HIGHEPSS 0.4%CWE-244

In short

A memory leak in libming's SWF parser causes the application to consume increasing amounts of memory over time, potentially leading to denial of service. This occurs when processing certain SWF files with export asset data.

Technical detail

The parseSWF_EXPORTASSETS function in util/parser.c fails to properly deallocate memory during SWF file parsing, allowing an attacker to craft malicious SWF files that trigger repeated memory allocation without corresponding deallocation. Exploitation requires processing untrusted SWF input and can result in memory exhaustion and application crash.

Summary generated and translated by AI from the official description.

A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/libming/libming/issues/323