CVE-2023-37644: 
NixOS vulnerability analysis and mitigation

SWFTools 0.9.2 772e55a contains a vulnerability that allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. The vulnerability specifically occurs in the png_read_chunk function in lib/png.c. This issue was disclosed on January 11, 2024 (NVD, AttackerKB).

The vulnerability exists in the png_read_chunk function within lib/png.c of SWFTools version 0.9.2. When processing PNG files, the function attempts to allocate an excessive amount of memory (0x9c000000 bytes) which can lead to a heap buffer overflow condition. The issue has been assigned a CVSS v3.1 base score of 5.5 MEDIUM with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

The vulnerability can result in a denial of service condition through excessive memory allocation attempts. When exploited, it can cause the application to crash due to out-of-memory conditions, potentially affecting the availability of systems running the vulnerable SWFTools version (GitHub Issue).

No official patches or mitigations have been publicly announced for this vulnerability. Users are advised to exercise caution when processing untrusted PNG files with SWFTools 0.9.2 (NVD).