SWFTools: User-assisted execution of arbitrary code — GLSA 201204-05

A heap-based buffer overflow in SWFTools could result in the execution of arbitrary code.

Affected Packages

media-gfx/swftools on all architectures
Affected versions <= 0.9.1
Unaffected versions

Background

SWFTools is a collection of SWF manipulation and generation utilities written by Rainer Böhme and Matthias Kramm.

Description

Integer overflow errors in the "getPNG()" function in png.c and the "jpeg_load()" function in jpeg.c could cause a heap-based buffer overflow.

Impact

A remote attacker could entice a user to open a specially crafted PNG or JPEG file, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

Gentoo discontinued support for SWFTools. We recommend that users unmerge swftools:

 # emerge --unmerge "media-gfx/swftools"
 

NOTE: Users could upgrade to ">=media-gfx/swftools-0.9.1", however these packages are not currently stable.

References

Release Date
April 17, 2012

Latest Revision
April 18, 2012: 2

Severity
normal

Exploitable
remote

Bugzilla entries