Wiz
Vulnerability DatabaseCVE-2025-29486

CVE-2025-29486
Homebrew vulnerability analysis and mitigation

Overview

CVE-2025-29486 affects libming version 0.4.8, specifically involving a memory leak vulnerability in the parseSWF_PLACEOBJECT3 function. The vulnerability was discovered and disclosed on March 27, 2025, and was last modified on April 1, 2025 (NVD).

Technical details

The vulnerability is classified as CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) with a CVSS v3.1 base score of 6.5 (MEDIUM). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, no privileges required, and user interaction required (NVD).

Impact

The memory leak in the parseSWF_PLACEOBJECT3 function can result in the accumulation of unfreed memory, potentially leading to resource exhaustion and system performance degradation. The ASAN report indicates multiple direct and indirect memory leaks totaling 1408 bytes across 61 allocations (GitHub Issue).

Mitigation and workarounds

The vulnerability remains unfixed in the current version as indicated by the Debian Security Tracker (Debian). Users are advised to monitor for updates and implement memory usage restrictions as a temporary mitigation measure.

Additional resources

SourceThis report was generated using AI

Related Homebrew vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-58360CRITICAL9.8
  • JavaJava
  • org.geoserver.web:gs-web-app
NoYesNov 25, 2025
CVE-2025-65085HIGH8.4
  • NixOSNixOS
  • cobalt
NoNoNov 25, 2025
CVE-2025-65084HIGH8.4
  • NixOSNixOS
  • argon
NoNoNov 25, 2025
CVE-2025-59789HIGH7.5
  • HomebrewHomebrew
  • brpc
NoYesDec 01, 2025
CVE-2025-21621MEDIUM6.1
  • JavaJava
  • geoserver
NoYesNov 25, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo