Aggregates CVE and security vulnerability intelligence across all libming-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk memory corruption and related problems; some flaws may lead to vendor impact unexpected behavior, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2018-20429 | libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165. | [email protected] | 8.8 | 1.50% | 2018-12-24 | 2026-06-16 |
| CVE-2018-20428 | libming 0.4.8 has a NULL pointer dereference in the strlenext function of the decompile.c file, a different vulnerability than CVE-2018-7874. | [email protected] | 8.8 | 1.50% | 2018-12-24 | 2026-06-16 |
| CVE-2018-20427 | libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file, a different vulnerability than CVE-2018-9132. | [email protected] | 8.8 | 1.32% | 2018-12-24 | 2026-06-16 |
| CVE-2018-20426 | libming 0.4.8 has a NULL pointer dereference in the newVar3 function of the decompile.c file, a different vulnerability than CVE-2018-7866. | [email protected] | 8.8 | 1.50% | 2018-12-24 | 2026-06-16 |
| CVE-2018-20425 | libming 0.4.8 has a NULL pointer dereference in the pushdup function of the decompile.c file. | [email protected] | 8.8 | 1.50% | 2018-12-24 | 2026-06-16 |
| CVE-2018-15871 | An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | [email protected] | 6.5 | 1.16% | 2018-08-25 | 2026-06-16 |
| CVE-2018-15870 | An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to denial of service. | [email protected] | 6.5 | 1.16% | 2018-08-25 | 2026-06-16 |
| CVE-2018-13251 | In libming 0.4.8, there is an excessive memory allocation attempt in the readBytes function of the util/read.c file, related to parseSWF_DEFINEBITSJPEG2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted swf file. | [email protected] | 6.5 | 1.46% | 2018-07-05 | 2026-06-16 |
| CVE-2018-13250 | libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | [email protected] | 6.5 | 1.46% | 2018-07-05 | 2026-06-16 |
| CVE-2018-13066 | There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, parseSWF_DEFINESPRITE, parseSWF_DEFINETEXT, parseSWF_DOACTION, parseSWF_FILLSTYLEARRAY, parseSWF_FRAMELABEL, parseSWF_LINESTYLEARRAY, parseSWF_PLACEOBJECT2, or parseSWF_SHAPEWITHSTYLE. | [email protected] | 7.5 | 1.41% | 2018-07-02 | 2026-06-16 |
| CVE-2018-11226 | The getString function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | [email protected] | 8.8 | 1.74% | 2018-05-17 | 2026-06-16 |
| CVE-2018-11225 | The dcputs function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | [email protected] | 8.8 | 1.95% | 2018-05-17 | 2026-06-16 |
| CVE-2018-11100 | The decompileSETTARGET function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | [email protected] | 8.8 | 1.81% | 2018-05-14 | 2026-06-16 |
| CVE-2018-11095 | The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | [email protected] | 8.8 | 1.81% | 2018-05-14 | 2026-06-16 |
| CVE-2018-11017 | The newVar_N function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact. | [email protected] | 8.8 | 1.39% | 2018-05-13 | 2026-06-16 |
| CVE-2018-9165 | The pushdup function in util/decompile.c in libming through 0.4.8 does not recognize the need for ActionPushDuplicate to perform a deep copy when a String is at the top of the stack, making the library vulnerable to a util/decompile.c getName NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted SWF file. | [email protected] | 6.5 | 1.14% | 2018-04-01 | 2026-06-16 |
| CVE-2018-9132 | libming 0.4.8 has a NULL pointer dereference in the getInt function of the decompile.c file. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | [email protected] | 6.5 | 1.75% | 2018-03-30 | 2026-06-16 |
| CVE-2018-9009 | In libming 0.4.8, there is a use-after-free in the decompileJUMP function of the decompile.c file. | [email protected] | 8.8 | 1.93% | 2018-03-24 | 2026-06-16 |
| CVE-2018-8964 | In libming 0.4.8, the decompileDELETE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | [email protected] | 6.5 | 1.67% | 2018-03-23 | 2026-06-16 |
| CVE-2018-8963 | In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file. | [email protected] | 6.5 | 1.51% | 2018-03-23 | 2026-06-16 |