Libming Ming vulnerabilities

CVE-2021-34340 [MEDIUM] CWE-125 CVE-2021-34340: Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompil Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

CVE-2021-34339 [MEDIUM] CWE-125 CVE-2021-34339: Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

CVE-2021-34342 [MEDIUM] CWE-125 CVE-2021-34342: Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which c Ming 0.4.8 has an out-of-bounds read vulnerability in the function newVar_N() in decompile.c which causes a huge information leak.

CVE-2021-34341 [MEDIUM] CWE-125 CVE-2021-34341: Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service.

CVE-2021-34338 [MEDIUM] CWE-125 CVE-2021-34338: Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c fil Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.

CVE-2019-9114 [HIGH] CWE-787 CVE-2019-9114: Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a.

CVE-2019-9113 [HIGH] CWE-476 CVE-2019-9113: Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a.

CVE-2017-11731 [MEDIUM] CWE-125 CVE-2017-11731: An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and d An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11734 [MEDIUM] CWE-125 CVE-2017-11734: A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in A heap-based buffer over-read was found in the function decompileCALLFUNCTION in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11732 [MEDIUM] CWE-119 CVE-2017-11732: A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIM A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11729 [MEDIUM] CWE-125 CVE-2017-11729: A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1440) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11728 [MEDIUM] CWE-125 CVE-2017-11728: A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in u A heap-based buffer over-read was found in the function OpCode (called from decompileSETMEMBER) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11730 [MEDIUM] CWE-125 CVE-2017-11730: A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11733 [MEDIUM] CWE-476 CVE-2017-11733: A null pointer dereference vulnerability was found in the function stackswap (called from decompileS A null pointer dereference vulnerability was found in the function stackswap (called from decompileSTACKSWAP) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11704 [MEDIUM] CWE-125 CVE-2017-11704: A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4. A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11703 [MEDIUM] CWE-772 CVE-2017-11703: A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4 A memory leak vulnerability was found in the function parseSWF_DOACTION in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.

CVE-2017-11705 [MEDIUM] CWE-772 CVE-2017-11705: A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, whic A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in util/parser.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.