‘SWFTools Two Integer Overflow Vulnerabilities’
‘The information has been provided by Stefan Cornelius.
The original article can be found at: http://secunia.com/secunia_research/2010-80/‘
* SWFTools version 0.9.1
The vulnerabilities are:
1) An integer overflow error within the ‘getPNG()’ function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images.
2) An integer overflow error within the ‘jpeg_load()’ function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images.
Fixed in the GIT repository.
10/06/2010 – Vendor notified.
10/06/2010 – Vendor response.
13/08/2010 – Public disclosure.’