CVE-2025-29487: 
Homebrew vulnerability analysis and mitigation

An out-of-memory error was discovered in the parseABCSTRINGINFO function of libming version 0.4.8. The vulnerability was disclosed on March 27, 2025, and affects the core functionality of the library when processing SWF files containing ActionScript Bytecode (ABC) data (NVD).

The vulnerability occurs in the parseABCSTRINGINFO function when attempting to allocate a large block of memory (0x743feb5c6 bytes) while parsing ABC data. The issue manifests as an allocator exhaustion problem during the processing of SWF files containing specific bytecode structures. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a high-severity issue with network attack vector and no required privileges or user interaction (CISA Bulletin).

When exploited, this vulnerability can lead to a Denial of Service (DoS) condition through allocator exhaustion. The application will abort when attempting to process affected SWF files, potentially disrupting services that rely on libming for SWF file processing (NVD).

The issue has been reported to the libming project through their issue tracking system. While a patch is pending, system administrators can temporarily mitigate the risk by setting allocatormayreturn_null=1, though this is not a complete solution (Issue Tracking).