SWFTools 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk memory corruption and バッファオーバーフロー などに関し、一部は vendor impact memory corruption を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-6271 | A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.21% | 2025-06-19 | 2026-04-29 |
| CVE-2024-28458 | Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c. | [email protected] | 7.5 | 0.71% | 2024-04-11 | 2025-06-10 |
| CVE-2024-26339 | swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. | [email protected] | 9.1 | 0.84% | 2024-03-05 | 2025-04-01 |
| CVE-2024-26337 | swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. | [email protected] | 4.3 | 0.60% | 2024-03-05 | 2025-04-01 |
| CVE-2024-26335 | swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c. | [email protected] | 5.5 | 0.38% | 2024-03-05 | 2025-04-01 |
| CVE-2024-26334 | swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c. | [email protected] | 6.2 | 0.27% | 2024-03-05 | 2025-04-01 |
| CVE-2024-26333 | swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c. | [email protected] | 5.5 | 0.27% | 2024-03-05 | 2025-04-01 |
| CVE-2024-25165 | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. | [email protected] | 7.8 | 0.51% | 2024-02-14 | 2025-05-05 |
| CVE-2024-22957 | swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. | [email protected] | 5.5 | 0.30% | 2024-01-19 | 2025-06-20 |
| CVE-2024-22956 | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 | [email protected] | 7.8 | 0.35% | 2024-01-19 | 2025-05-30 |
| CVE-2024-22955 | swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576. | [email protected] | 7.8 | 0.33% | 2024-01-19 | 2025-06-20 |
| CVE-2024-22919 | swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. | [email protected] | 7.8 | 0.33% | 2024-01-19 | 2025-06-05 |
| CVE-2024-22915 | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. | [email protected] | 7.8 | 0.38% | 2024-01-19 | 2025-05-30 |
| CVE-2024-22914 | A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. | [email protected] | 5.5 | 0.30% | 2024-01-19 | 2024-11-21 |
| CVE-2024-22913 | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. | [email protected] | 7.8 | 0.36% | 2024-01-19 | 2025-05-30 |
| CVE-2024-22912 | A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | [email protected] | 7.8 | 0.36% | 2024-01-19 | 2025-06-17 |
| CVE-2024-22911 | A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. | [email protected] | 7.8 | 0.33% | 2024-01-19 | 2025-06-05 |
| CVE-2024-22920 | swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. | [email protected] | 7.8 | 0.30% | 2024-01-19 | 2024-11-21 |
| CVE-2024-22562 | swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | [email protected] | 7.8 | 0.29% | 2024-01-19 | 2025-06-16 |
| CVE-2023-37644 | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. | [email protected] | 5.5 | 0.27% | 2024-01-11 | 2025-06-03 |