CVE Vulnerabilities

CVE-2025-26305

Improper Clearing of Heap Memory Before Release ('Heap Inspection')

Published: Feb 20, 2025 | Modified: Apr 22, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

A memory leak has been identified in the parseSWF_SOUNDINFO function in util/parser.c of libming v0.4.8, which allows attackers to cause a denial of service via a crafted SWF file.

Weakness

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

Affected Software

Name Vendor Start Version End Version
Libming Libming 0.4.8 (including) 0.4.8 (including)

References