Aggregates CVE and security vulnerability intelligence across all libming-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk memory corruption and related problems; some flaws may lead to vendor impact unexpected behavior, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2021-34341 | Ming 0.4.8 has an out-of-bounds read vulnerability in the function decompileIF() in the decompile.c file that causes a direct segmentation fault and leads to denial of service. | [email protected] | 6.5 | 0.88% | 2022-03-10 | 2026-06-16 |
| CVE-2021-34340 | Ming 0.4.8 has an out-of-bounds buffer access issue in the function decompileINCR_DECR() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | [email protected] | 6.5 | 0.88% | 2022-03-10 | 2026-06-16 |
| CVE-2021-34339 | Ming 0.4.8 has an out-of-bounds buffer access issue in the function getString() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | [email protected] | 6.5 | 0.94% | 2022-03-10 | 2026-06-16 |
| CVE-2021-34338 | Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service. | [email protected] | 6.5 | 0.94% | 2022-03-10 | 2026-06-16 |
| CVE-2021-44591 | In libming 0.4.8, the parseSWF_DEFINELOSSLESS2 function in util/parser.c lacks a boundary check that would lead to denial-of-service attacks via a crafted SWF file. | [email protected] | 6.5 | 1.02% | 2022-01-06 | 2026-06-17 |
| CVE-2021-44590 | In libming 0.4.8, a memory exhaustion vulnerability exist in the function cws2fws in util/main.c. Remote attackers could launch denial of service attacks by submitting a crafted SWF file that exploits this vulnerability. | [email protected] | 6.5 | 1.24% | 2022-01-06 | 2026-06-17 |
| CVE-2020-11895 | Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) in the function decompileIF() in decompile.c. | [email protected] | 9.1 | 1.70% | 2020-04-19 | 2026-06-16 |
| CVE-2020-11894 | Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) in the function decompileIF() in decompile.c. | [email protected] | 9.1 | 1.70% | 2020-04-19 | 2026-06-16 |
| CVE-2020-6629 | Ming (aka libming) 0.4.8 has z NULL pointer dereference in the function decompileGETURL2() in decompile.c. | [email protected] | 6.5 | 1.32% | 2020-01-08 | 2026-06-16 |
| CVE-2020-6628 | Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c. | [email protected] | 8.8 | 1.54% | 2020-01-08 | 2026-06-16 |
| CVE-2019-16705 | Ming (aka libming) 0.4.8 has an out of bounds read vulnerability in the function OpCode() in the decompile.c file in libutil.a. | [email protected] | 9.1 | 1.69% | 2019-09-23 | 2026-06-16 |
| CVE-2019-12982 | Ming (aka libming) 0.4.8 has a heap buffer overflow and underflow in the decompileCAST function in util/decompile.c in libutil.a. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted SWF file. | [email protected] | 6.5 | 1.38% | 2019-06-26 | 2026-06-16 |
| CVE-2019-12981 | Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. | [email protected] | 8.8 | 1.33% | 2019-06-26 | 2026-06-16 |
| CVE-2019-12980 | In Ming (aka libming) 0.4.8, there is an integer overflow (caused by an out-of-range left shift) in the SWFInput_readSBits function in blocks/input.c. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | [email protected] | 6.5 | 1.42% | 2019-06-26 | 2026-06-16 |
| CVE-2019-9114 | Ming (aka libming) 0.4.8 has an out of bounds write vulnerability in the function strcpyext() in the decompile.c file in libutil.a. | [email protected] | 8.8 | 1.34% | 2019-02-24 | 2026-06-16 |
| CVE-2019-9113 | Ming (aka libming) 0.4.8 has a NULL pointer dereference in the function getString() in the decompile.c file in libutil.a. | [email protected] | 8.8 | 1.40% | 2019-02-24 | 2026-06-16 |
| CVE-2019-7582 | The readBytes function in util/read.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure. | [email protected] | 8.8 | 2.21% | 2019-02-07 | 2026-06-16 |
| CVE-2019-7581 | The parseSWF_ACTIONRECORD function in util/parser.c in libming through 0.4.8 allows remote attackers to have unspecified impact via a crafted swf file that triggers a memory allocation failure, a different vulnerability than CVE-2018-7876. | [email protected] | 8.8 | 2.12% | 2019-02-07 | 2026-06-16 |
| CVE-2019-3572 | An issue was discovered in libming 0.4.8. There is a heap-based buffer over-read in the function writePNG in the file util/dbl2png.c of the dbl2png command-line program. Because this is associated with an erroneous call to png_write_row in libpng, an out-of-bounds write might occur for some memory layouts. | [email protected] | 6.5 | 1.20% | 2019-01-02 | 2026-06-16 |
| CVE-2018-20591 | A heap-based buffer over-read was discovered in decompileJUMP function in util/decompile.c of libming v0.4.8. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by swftocxx. | [email protected] | 6.5 | 1.15% | 2018-12-30 | 2026-06-16 |