CVE-2025-29487

CVE-2025-29487, published on 2025-03-27, is an out-of-memory error in the parseABC_STRING_INFO function of libming version 0.4.8. This flaw enables attackers to trigger a Denial of Service (DoS) condition through allocator exhaustion, as classified under CWE-400 (Uncontrolled Resource Consumption). The vulnerability carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), highlighting its potential for significant availability disruption.

Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges, user interaction, or special scoping changes. Exploitation involves crafting malicious input that causes excessive memory allocation during parsing, leading to process crashes or resource exhaustion and denying service to legitimate users of affected libming-dependent applications.

Advisories and related resources include a GitHub issue tracking the problem at https://github.com/libming/libming/issues/330 and a proof-of-concept repository at https://github.com/goodmow/PoC/blob/main/libming/libming-fuzz6.readme, which may provide further details on reproduction and potential fixes. No specific patches or mitigations are outlined in the core CVE description.