CVE-2025-26305
Published: 20 February 2025
Description
A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.
Security Summary
CVE-2025-26305 is a memory leak vulnerability in the parseSWF_SOUNDINFO function within util/parser.c of libming version 0.4.8. This issue affects the libming library, which handles parsing of Macromedia Flash (SWF) files, and is classified under CWE-244 (Improper Clearing of Heap Memory Before Release). The vulnerability was published on 2025-02-20 and carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N), highlighting its high severity due to network accessibility and low attack complexity.
Remote attackers require no privileges or user interaction to exploit this flaw by supplying a specially crafted SWF file to a vulnerable libming instance. Successful exploitation triggers the memory leak, enabling a denial of service through resource exhaustion, while the high confidentiality impact indicates potential leakage of sensitive information from heap memory and low integrity impact from possible memory corruption.
Mitigation details and further discussion are available in the GitHub issue at https://github.com/libming/libming/issues/322.
Details
- CWE(s)