CVE-2022-35087 A segmentation violation was found in the commit 772e55a2 of SWFTools.

The reported issue was that the code in Cinema 4D Add Frame function (at /usr/lib/cinema/render/c4d/render_gif2swf) would perform an explicit check against the frame number, which always returned zero. This issue was fixed by incrementing the frame number by one as part of the Add Frame process.

There was also an issue in this commit that caused the swf file to be invalid. The swf file would start with a height of 0, which then caused the swf file to be invalid when it was converted to a flash movie. The invalid swf file would then cause the movie to fail to load on a browser. To fix this, the invalid swf file would be deleted and the swf file would be converted back to a valid swf file.

Cinema 4D Add Frame Function

The Cinema 4D Add Frame function was causing this issue in the Cinema 4D software. This function would perform an explicit check against the frame number, which always returned zero. The Add Frame process would then increment the frame number by one and fixed the issue.

Versions Affected:

All releases of Cinema 4D R16 and below

Additional Information

The reported issue was that the code in Cinema 4D Add Frame function (at /usr/lib/cinema/render/c4d/render_gif2swf) would perform an explicit check against the frame number, which always returned zero. This issue was fixed by incrementing the frame number by one as part of the Add Frame process. The reported issue was also related to the commit that caused the swf file to be invalid. The swf file would start with a height of 0, which then caused the swf file to be invalid when it was converted to a flash movie. The invalid swf file would then cause the movie to fail to load on a browser. To fix this, the invalid swf file would be deleted and the swf file would be converted back to a valid swf file.

Code: CVE-2022-35087

The reported issue was that the code in Cinema 4D Add Frame function (at /usr/lib/cinema/render/c4d/render_gif2swf) would perform an explicit check against the frame number, which always returned zero. This issue was fixed by incrementing the frame number by one as part of the Add Frame process.
There was also an issue in this commit that caused the swf file to be invalid. The swf file would start with a height of 0, which then caused the swf file to be invalid when it was converted to a flash movie. The invalid swf file would then cause the movie to fail to load on a browser. To fix this, the invalid swf file would be deleted and the swf file would be converted back to a valid swf file.

Quick-Fix: Cinema 4D Add Frame Change

This quick-fix will address the issue with the Cinema 4D Add Frame function being unable to deal with a 0 frame number. This fix will be applied by incrementing the frame number by one as part of the Add Frame process. The quick-fix will also address a bug in this commit where the swf file would start at 0 height and fail to load on other browsers.

Timeline

Published on: 09/21/2022 00:15:00 UTC
Last modified on: 09/22/2022 13:11:00 UTC

References

• https://github.com/Cvjark/Poc/blob/main/swftools/gif2swf/CVE-2022-35087.md
• https://github.com/matthiaskramm/swftools/issues/181
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35087