A recently disclosed vulnerability in the libming library (version 0.4.8) allows attackers to cause a denial of service (DoS) through a specially crafted SWF file. The vulnerability has been assigned the identifier CVE-2024-24149. The issue arises from a memory leak in the parseSWF_GLYPHENTRY function of the libming library. In this post, we'll analyze the vulnerability, provide a code snippet demonstrating the problem, and link to helpful resources for more information.

Background

libming is an open-source C library designed for creating SWF (Adobe Flash) files. It is widely used for generating dynamic content via web applications. The libming library provides support for creating multimedia objects in Flash format for various purposes, including animations, games, and interactive applications.

Exploit Details

The vulnerability is caused by inadequate handling of memory resources in the parseSWF_GLYPHENTRY function of libming v0.4.8. When the affected library processes a specially crafted SWF file, memory is leaked, which can ultimately lead to a denial of service condition.

Here's a sample code snippet that demonstrates the problem:

#include <stdio.h>
#include "libming.h"

int parseSWF_GLYPHENTRY (FILE *f, SWF_GLYPHENTRY *p, int fillBits,
                         int lineBits, int glyphBits)
{
  int bytesRead;
  SWF_U32 flagAndCode;

  // Read the flag bit together with the glyph code from the input stream
  flagAndCode = readUIntN (f, glyphBits + 1, &bytesRead);
  if (flagAndCode & (1 << glyphBits))
    {
      // Error handling
      return -1;
    }

  // Mask off the flag bit to keep only the glyph code
  p->glyphCode = flagAndCode & ((1 << glyphBits) - 1);
  p->glyphAdvance = readSBits (f, fillBits);

  // Early return on a zero advance value
  if (!p->glyphAdvance)
  {
    return -1;
  }

  return bytesRead;
}

As seen in the code snippet, the parseSWF_GLYPHENTRY function reads from the input stream and processes the parsed data. However, proper error handling and memory management are not implemented, which leads to memory leaks when the crafted SWF file is encountered.
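The general pattern behind this class of bug, shown as an added example that is not libming code and not from the original post: a parser that allocates per-entry buffers and returns early on a short read, next to a hardened form that releases the partial entry on every failure path. All names (`glyph_entry`, `reader`, `xalloc`, `parse_entry_*`) are hypothetical, the input bytes are constructed, and a simple allocation counter stands in for a leak checker.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed example, not libming code: all names here are hypothetical. */
static int live_allocs;                    /* allocations not yet freed */
static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

typedef struct { const unsigned char *data; size_t len, pos; } reader;
typedef struct { unsigned char *index, *advance; } glyph_entry;

/* Copy n bytes from the input; -1 when the record is truncated. */
static int read_bytes(reader *r, unsigned char *dst, size_t n) {
    if (r->len - r->pos < n) return -1;
    memcpy(dst, r->data + r->pos, n); r->pos += n;
    return 0;
}
static void free_entry(glyph_entry *e) {
    xfree(e->index); xfree(e->advance); e->index = e->advance = NULL;
}
/* Leaky: an early return abandons whatever was already allocated. */
static int parse_entry_leaky(reader *r, glyph_entry *e, size_t ib, size_t ab) {
    if (!(e->index = xalloc(ib)) || read_bytes(r, e->index, ib)) return -1;
    if (!(e->advance = xalloc(ab)) || read_bytes(r, e->advance, ab)) return -1;
    return 0;
}
/* Hardened: every failure path releases the partial entry. */
static int parse_entry_safe(reader *r, glyph_entry *e, size_t ib, size_t ab) {
    e->index = e->advance = NULL;
    if (!(e->index = xalloc(ib)) || read_bytes(r, e->index, ib)) goto fail;
    if (!(e->advance = xalloc(ab)) || read_bytes(r, e->advance, ab)) goto fail;
    return 0;
fail:
    free_entry(e);
    return -1;
}
/* Allocations left behind after a truncated (constructed) record is rejected. */
int leaked_after_truncated(int use_safe) {
    static const unsigned char input[] = { 0x01, 0x02, 0x03 }; /* entry needs 6 bytes */
    reader r = { input, sizeof input, 0 };
    glyph_entry e = { NULL, NULL };
    live_allocs = 0;
    int rc = (use_safe ? parse_entry_safe : parse_entry_leaky)(&r, &e, 2, 4);
    int leaked = (rc == -1) ? live_allocs : -1;
    free_entry(&e);  /* demo-only cleanup; a caller that only sees -1 would not do this */
    return leaked;
}
int main(void) {
    printf("leaky=%d safe=%d\n", leaked_after_truncated(0), leaked_after_truncated(1));
    return 0;
}
```

In a long-running service that parses many untrusted files, each rejected record in the leaky form leaves its buffers allocated, which is how a leak of this kind grows into a denial of service.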

CVE-2024-24149: NVD Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2024-24149

Vendor Advisory: libming Project

http://www.libming.org/Security_Advisory_2024_0048

Mailing List: oss-security

http://www.openwall.com/lists/oss-security/2024/06/10/1

Mitigation and Remediation

Administrators and developers using libming v0.4.8 should apply the available patch or upgrade to a non-vulnerable version as soon as possible to prevent exploitation of this vulnerability. Additionally, proper input validation and memory management should be implemented when processing SWF files to avoid potential security issues.

Conclusion

CVE-2024-24149 represents a significant memory leak vulnerability in the parseSWF_GLYPHENTRY function of libming. Developers and administrators alike must be proactive in addressing this vulnerability to prevent a denial of service attack via a carefully crafted SWF file. Ensure that the necessary security patches or upgrades are applied, and follow best practices for handling untrusted file inputs.

Timeline

Published on: 02/29/2024 01:44:11 UTC
Last modified on: 03/12/2024 14:57:32 UTC