In libming 0.4.8, there is an integer signedness error vulnerability (left shift of a negative value) in the readSBits function (util/read.c). Remote attackers can leverage this vulnerability to cause a denial of service via a crafted swf file.
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libming | Libming | 0.4.8 (including) | 0.4.8 (including) |
Ming | Ubuntu | esm-apps/xenial | * |
Ming | Ubuntu | trusty | * |
Ming | Ubuntu | upstream | * |
Ming | Ubuntu | xenial | * |