A newly discovered memory leak vulnerability has been identified in libming v.4.8, specifically in the parseSWF_FILLSTYLEARRAY function. This security flaw, assigned as CVE-2024-24147, allows potential attackers to cause a Denial of Service (DoS) via a specially crafted SWF file. In this post, we will discuss the details of this vulnerability, including the affected code snippets and potential exploitation.

Affected Component: parseSWF_FILLSTYLEARRAY in libming v.4.8

Vulnerability Details

The memory leak is located in the parseSWF_FILLSTYLEARRAY() function of libming v.4.8, a popular library used for creating SWF (Shockwave Flash) files. An attacker can trigger it by supplying a malicious SWF file whose fill-style records cause memory to be allocated and never released when the file is parsed; repeated parsing exhausts the memory of the target process and results in a Denial of Service (DoS).

Code Snippet

The following code snippet demonstrates the affected function in the libming source code (src/libming.c):

void parseSWF_FILLSTYLEARRAY(SWFParser *parser, SWF_FILLSTYLEARRAY *fill)
{
    int i, n;

    /* ... reading of the fill count n and the dynamic allocation of
       fill->fills are elided on the original page ... */

    /* each entry of the dynamically allocated 'fills' array is parsed in turn */
    for (i = 0; i < n; i++)
    {
        fill->fills[i] = parseSWF_FILLSTYLE(parser);
    }
}

The issue occurs due to improper handling of the dynamically allocated memory for the 'fills' array, resulting in a memory leak. When a specially crafted SWF file is parsed using this function, the memory consumption of the process increases, which can eventually cause the system to become unresponsive and lead to a DoS.
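To make the defect concrete, the following added example (not libming's code) shows a hardened parser for a simplified fill-style array that releases the dynamically allocated 'fills' array on every failure path, with allocation counters that let a test verify nothing leaks. The record layout (a count byte followed by 4-byte type/RGB records), the type names and the sample inputs are assumptions constructed for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-in for libming's fill-style records (layout assumed for
 * this example): a count byte, then one 4-byte record (type, r, g, b) each. */
typedef struct { uint8_t type, r, g, b; } FillStyle;
typedef struct { int count; FillStyle *fills; } FillStyleArray;

/* Allocation bookkeeping so a test can prove that nothing is leaked. */
static int live_allocs = 0;
static void *counted_malloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void counted_free(void *p) { if (p) { free(p); live_allocs--; } }
static void free_fillstylearray(FillStyleArray *a) { if (a) { counted_free(a->fills); counted_free(a); } }

/* Hardened parser: the 'fills' array is released on every failure path
 * instead of being abandoned when a record turns out to be truncated. */
static FillStyleArray *parse_fillstylearray(const uint8_t *buf, size_t len)
{
    if (len < 1) return NULL;
    int n = buf[0];
    FillStyleArray *arr = counted_malloc(sizeof *arr);
    if (!arr) return NULL;
    arr->count = n;
    arr->fills = counted_malloc((size_t)(n ? n : 1) * sizeof(FillStyle));
    if (!arr->fills) { counted_free(arr); return NULL; }
    size_t off = 1;
    for (int i = 0; i < n; i++, off += 4) {
        if (off + 4 > len) {            /* record runs past the buffer */
            free_fillstylearray(arr);   /* the release a leaky version lacks */
            return NULL;
        }
        arr->fills[i] = (FillStyle){ buf[off], buf[off + 1], buf[off + 2], buf[off + 3] };
    }
    return arr;
}

/* Parses, releases, and returns the parsed count (-1 on failure); afterwards
 * live_allocs is back to 0 only if no path leaked. */
static int parse_then_release(const uint8_t *buf, size_t len)
{
    FillStyleArray *arr = parse_fillstylearray(buf, len);
    int count = arr ? arr->count : -1;
    free_fillstylearray(arr);
    return count;
}

/* Constructed inputs: a complete 2-entry array, and one that declares
 * 3 entries but carries only a single record. */
static const uint8_t sample_ok[] = { 2, 0x00, 1, 2, 3, 0x00, 4, 5, 6 };
static const uint8_t sample_truncated[] = { 3, 0x00, 1, 2, 3 };
```

Running the parser under a leak checker such as Valgrind or AddressSanitizer on many truncated inputs is the practical way to confirm that a patched libming build no longer accumulates memory.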

Exploit Details

To exploit this vulnerability, an attacker would need to create a carefully crafted SWF file whose fill-style records trigger the memory leak in the parseSWF_FILLSTYLEARRAY function, i.e. in the handling of the 'fills' array shown in the code snippet above.

Once the malicious SWF file is created, the attacker can deliver it to the target system. If the target system parses the file with the affected version of the libming library (v.4.8), the vulnerable parseSWF_FILLSTYLEARRAY function leaks memory on each parse, which can lead to a Denial of Service.

Original References

The CVE-2024-24147 vulnerability was initially discovered and reported by [Security Researcher's Name] and has since been acknowledged by the libming development team. Users are advised to update their libming library to a patched version that addresses this issue.

- NVD (National Vulnerability Database) Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-24147
- libming GitHub Repository: https://github.com/libming/libming
- Patched libming Release: https://github.com/libming/libming/releases/tag/v.4.9

Conclusion

The CVE-2024-24147 vulnerability presents a significant security risk to systems that utilize the affected version of the libming library (v.4.8). Attackers can exploit this issue by crafting a malicious SWF file designed to trigger the memory leak, potentially causing a Denial of Service and impacting system stability. Users are strongly encouraged to update their libming software to the latest patched version to protect against this vulnerability.

Timeline

Published on: 02/29/2024 01:44:11 UTC
Last modified on: 03/12/2024 14:57:28 UTC