Summary
SWFTools is installed on this host and is prone to multiple integer overflow vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause a heap-based buffer overflow via specially crafted JPEG and PNG images.
Impact Level: Application.
Solution
Upgrade to version 0.9.2 or later.
For updates, refer to http://www.swftools.org/download.html
Insight
The flaws are due to an error within the 'getPNG()' function in 'lib/png.c' and the 'jpeg_load()' function in 'lib/jpeg.c'.
Affected
SWFTools version 0.9.1 and prior.
References
Severity
Classification
- CVE: CVE-2010-1516
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability
- Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win)
- Adobe Reader Multimedia Doc.media.newPlayer Code Execution Vulnerability (Linux)
- Adobe Flash CS3 SWF Processing Buffer Overflow Vulnerabilities
- Buffer Overflow Vulnerability in Adobe Reader (Linux)