CVE-2021-44590: 
Homebrew vulnerability analysis and mitigation

In libming 0.4.8, a memory exhaustion vulnerability exists in the function cws2fws in util/main.c. The vulnerability was discovered and disclosed on January 6, 2022. The affected component is the libming library, specifically version 0.4.8, which is a library for generating SWF (Flash) output files (NVD, AttackerKB).

The vulnerability occurs in the cws2fws function where a large integer value controlled by the attacker can be passed directly to realloc without proper boundary checks. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The attack requires user interaction but no privileges, and can be executed remotely over the network (NVD).

When exploited, this vulnerability allows remote attackers to launch denial of service attacks by submitting a crafted SWF file. The attack primarily affects the availability of the system, with no direct impact on confidentiality or integrity (NVD, AttackerKB).

The vulnerability affects libming version 0.4.8. Users should update to a patched version if available. If updating is not possible, implementing input validation for SWF file sizes and memory allocation limits could help mitigate the risk (NVD).