彙總 SWFTools 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 記憶體損壞與緩衝區溢位 等問題,部分漏洞可能導致 記憶體損壞,並影響 軟體部署與生產負載 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-6271 | A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | [email protected] | 1.9 | 0.21% | 2025-06-19 | 2026-06-17 |
| CVE-2024-28458 | Null Pointer Dereference vulnerability in swfdump in swftools 0.9.2 allows attackers to crash the appliation via the function compileSWFActionCode in action/actioncompiler.c. | [email protected] | 7.5 | 0.71% | 2024-04-11 | 2026-06-17 |
| CVE-2024-26339 | swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a. | [email protected] | 9.1 | 0.84% | 2024-03-05 | 2026-06-17 |
| CVE-2024-26337 | swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c. | [email protected] | 4.3 | 0.60% | 2024-03-05 | 2026-06-17 |
| CVE-2024-26335 | swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c. | [email protected] | 5.5 | 0.38% | 2024-03-05 | 2026-06-17 |
| CVE-2024-26334 | swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c. | [email protected] | 6.2 | 0.27% | 2024-03-05 | 2026-06-17 |
| CVE-2024-26333 | swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c. | [email protected] | 5.5 | 0.27% | 2024-03-05 | 2026-06-17 |
| CVE-2024-25165 | A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex. | [email protected] | 7.8 | 0.51% | 2024-02-14 | 2026-06-17 |
| CVE-2024-22957 | swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. | [email protected] | 5.5 | 0.30% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22956 | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838 | [email protected] | 7.8 | 0.35% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22955 | swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576. | [email protected] | 7.8 | 0.33% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22919 | swftools0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. | [email protected] | 7.8 | 0.33% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22915 | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. | [email protected] | 7.8 | 0.38% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22914 | A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. | [email protected] | 5.5 | 0.30% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22913 | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. | [email protected] | 7.8 | 0.36% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22912 | A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | [email protected] | 7.8 | 0.36% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22911 | A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. | [email protected] | 7.8 | 0.33% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22920 | swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. | [email protected] | 7.8 | 0.30% | 2024-01-19 | 2026-06-17 |
| CVE-2024-22562 | swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | [email protected] | 7.8 | 0.29% | 2024-01-19 | 2026-06-17 |
| CVE-2023-37644 | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. | [email protected] | 5.5 | 0.27% | 2024-01-11 | 2026-06-17 |