A recently disclosed vulnerability in the libming library (version 0.4.8) allows attackers to cause a denial of service (DoS) through a specially crafted SWF file. The vulnerability has been assigned the identifier CVE-2024-24149. The issue arises from a memory leak in the parseSWF_GLYPHENTRY function of the libming library. In this post, we'll analyze the vulnerability, provide a code snippet demonstrating the problem, and link to helpful resources for more information.
Background
libming is an open-source C library designed for creating SWF (Adobe Flash) files. It is widely used for generating dynamic content via web applications. The libming library provides support for creating multimedia objects in Flash format for various purposes, including animations, games, and interactive applications.
Exploit Details
The vulnerability is caused by inadequate handling of memory resources in the parseSWF_GLYPHENTRY function of libming v0.4.8. When a specially crafted SWF file is processed by the affected library, memory leaks occur, which can ultimately lead to a denial of service condition.
Here's a sample code snippet that demonstrates the problem:

    #include "libming.h"

    int parseSWF_GLYPHENTRY (FILE *f, SWF_GLYPHENTRY *p, int fillBits,
                             int lineBits, int glyphBits)
    {
        int bytesRead;
        SWF_U32 flagAndCode;

        /* Read the flag bit together with the glyph code from the input file. */
        flagAndCode = readUIntN (f, glyphBits + 1, &bytesRead);
        if (flagAndCode & (1 << glyphBits))
        {
            // Error handling
            return -1;
        }

        p->glyphCode = flagAndCode & ((1 << glyphBits) - 1);
        p->glyphAdvance = readSBits (f, fillBits);
        if (!p->glyphAdvance)
        {
            /* Early return: nothing held for this entry is released here. */
            return -1;
        }

        return bytesRead;
    }

As seen in the code snippet, the parseSWF_GLYPHENTRY function reads from the input file and processes the parsed data. However, proper error handling and memory management are not implemented, which leads to memory leaks when the crafted SWF file is encountered.
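One common way a parser leaks on its error paths, shown beside a hardened form, as an added example that is not libming's code or part of the original post. The names `glyph_entry`, `parse_glyph_leaky`, `parse_glyph_fixed` and `leaked_after`, and the two-byte entry layout, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a glyph entry; not libming's real struct. */
typedef struct { unsigned *index; int advance; } glyph_entry;
typedef int (*parse_fn)(const unsigned char *, size_t, glyph_entry *);

/* Leaky: the early returns abandon g->index once it has been allocated. */
int parse_glyph_leaky(const unsigned char *buf, size_t len, glyph_entry *g) {
    if (!(g->index = calloc(1, sizeof *g->index))) return -1;
    if (len < 1) return -1;              /* leak: index is never freed */
    *g->index = buf[0];
    if (len < 2) return -1;              /* leak: index is never freed */
    g->advance = buf[1];
    return 0;
}

/* Hardened: one exit path releases the buffer whenever parsing fails. */
int parse_glyph_fixed(const unsigned char *buf, size_t len, glyph_entry *g) {
    int rc = -1;
    if (!(g->index = calloc(1, sizeof *g->index))) return -1;
    if (len < 1) goto out;
    *g->index = buf[0];
    if (len < 2) goto out;
    g->advance = buf[1];
    rc = 0;
out:
    if (rc != 0) { free(g->index); g->index = NULL; }
    return rc;
}

/* Feed a constructed truncated entry n times and count failures that leave
 * a block attached to the entry, which a caller discarding it would lose. */
int leaked_after(parse_fn parse, int n) {
    static const unsigned char truncated[] = { 0x05 }; /* advance byte missing */
    int leaked = 0;
    for (int i = 0; i < n; i++) {
        glyph_entry g = {0};
        /* The free() below only keeps this demo itself from leaking. */
        if (parse(truncated, sizeof truncated, &g) != 0 && g.index) { leaked++; free(g.index); }
    }
    return leaked;
}

int main(void) {
    printf("leaky: %d blocks\n", leaked_after(parse_glyph_leaky, 1000));
    printf("fixed: %d blocks\n", leaked_after(parse_glyph_fixed, 1000));
    return 0;
}
```

Each malformed entry costs the leaky parser one block, so a file with many such entries grows the process until allocation fails; the hardened parser holds nothing after a failure.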
References
CVE-2024-24149, NVD Vulnerability Database: https://nvd.nist.gov/vuln/detail/CVE-2024-24149
Vendor Advisory, libming Project: http://www.libming.org/Security_Advisory_2024_0048
Mailing List, oss-security: http://www.openwall.com/lists/oss-security/2024/06/10/1
Mitigation and Remediation
Administrators and developers using libming v0.4.8 should apply the available patch or upgrade to a non-vulnerable version as soon as possible to prevent exploitation of this vulnerability. Additionally, proper input validation and memory management should be implemented when processing SWF files to avoid potential security issues.
Conclusion
CVE-2024-24149 represents a significant memory leak vulnerability in the parseSWF_GLYPHENTRY function of libming. Developers and administrators alike must be proactive in addressing this vulnerability to prevent a denial of service attack via a carefully crafted SWF file. Ensure that the necessary security patches or upgrades are applied, and follow best practices for handling untrusted file inputs.
Timeline
Published on: 02/29/2024 01:44:11 UTC
Last modified on: 03/12/2024 14:57:32 UTC