Cyber Posture

CVE-2025-26304

High · Public PoC

Published: 20 February 2025

Modified: 22 April 2025
KEV Added
Patch
CVSS Score: 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)
EPSS Score: 0.0035 (57.2th percentile)
Risk Priority: 17 (60% EPSS · 20% KEV · 20% CVSS)

Description

A memory leak has been identified in the parseSWF_EXPORTASSETS function in util/parser.c of libming v0.4.8.

Security Summary

CVE-2025-26304 is a memory leak in the parseSWF_EXPORTASSETS function in util/parser.c of libming version 0.4.8. Published on 2025-02-20, it is classified under CWE-244 (Improper Clearing of Heap Memory Before Release, "Heap Inspection") and carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), a high severity rating driven primarily by its potential for information disclosure.

Per the CVSS vector, remote attackers can exploit this vulnerability over the network with low attack complexity and without privileges or user interaction. Successful exploitation results in a high confidentiality impact through memory leakage and a low integrity impact, with no availability impact and no change of scope.

For mitigation details, refer to the advisory in the GitHub issue at https://github.com/libming/libming/issues/323.

Details

CWE(s)
CWE-244

Affected Products

libming 0.4.8

References