First published: Thu Mar 23 2023
swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Swftools Swftools | =0.9.2 | |
The vulnerability ID for this issue is CVE-2023-27249.
The affected software is swftools v0.9.2.
The severity of CVE-2023-27249 is medium (CVSS score of 5.5).
The CWE IDs associated with this vulnerability are CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-787 (Out-of-bounds Write).
Yes, a proof-of-concept (PoC) for CVE-2023-27249 is available at the following links: [PoC link 1](https://github.com/keepinggg/poc/blob/main/poc_of_swfdump/poc), [PoC link 2](https://github.com/keepinggg/poc/tree/main/poc_of_swfdump).