Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-44591
CVE-2021-44591:
Homebrew vulnerability analysis and mitigation
Overview
In libming version 0.4.8, a vulnerability was identified in the parseSWF_DEFINELOSSLESS2 function within util/parser.c. The vulnerability stems from a missing boundary check that can lead to denial-of-service attacks when processing crafted SWF files (NVD, CVE Details).
Technical details
The vulnerability exists due to the lack of boundary checks in the parseSWF_DEFINELOSSLESS2 function. When processing SWF files, the function fails to compare the size of 'end' and 'fileOffset' variables before calling readBytes. This can result in end-fileOffset becoming a negative integer, which is then treated as a large unsigned integer when passed to malloc, leading to memory allocation failures. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).
Impact
The vulnerability can be exploited to cause denial-of-service conditions through memory allocation failures. When exploited, the application attempts to allocate an extremely large amount of memory, which leads to process termination (GitHub Issue).
Additional resources
Source: This report was generated using AI
Related Homebrew vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management