Denial of Service Vulnerability in SWFTools 0.9.2

Denial of Service Vulnerability in SWFTools 0.9.2

CVE-2017-16794 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:N/A:P

The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.

Learn more about our Web Application Penetration Testing UK.