Hi

On Tue, May 02, 2017 at 10:01:31PM +0200, Salvatore Bonaccorso wrote:
> CVE-2017-8400[0]:
> | In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the
> | function png_load() in lib/png.c:755. This issue can be triggered by a
> | malformed PNG file that is mishandled by png2swf. Attackers could
> | exploit this issue for DoS; it might cause arbitrary code execution.
>
> CVE-2017-8401[1]:
> | In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the
> | function png_load() in lib/png.c:724. This issue can be triggered by a
> | malformed PNG file that is mishandled by png2swf. Attackers could
> | exploit this issue for DoS.
I only skimmed over this bug during the BSP in Zurich. Whilst CVE-2017-8400 is fixed upstream, CVE-2017-8401 seems to be still present. Upstream claims it should be fixed with a particular commit, but running under valgrind I still see out-of-bounds reads in the png_load function. So it needs further investigation.

Regards,
Salvatore