Lucene search

MitreCVE-2023-27249

HistoryMar 23, 2023 - 2:15 a.m.

CVE-2023-27249

2023-03-2302:15:12

CWE-787

mitre

web.nvd.nist.gov

cve-2023-27249

swfdump

heap buffer overflow

nvd

security vulnerability

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.1%

JSON

swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.

Affected configurations

Nvd

Node

swftoolsswftoolsMatch0.9.2

VendorProductVersionCPE
swftoolsswftools0.9.2cpe:/a:swftools:swftools:0.9.2:::

Vendor	Product	Version	CPE
swftools	swftools	0.9.2	cpe:/a:swftools:swftools:0.9.2:::

References

swfdump.com

github.com/keepinggg/poc/blob/main/poc_of_swfdump/poc

github.com/keepinggg/poc/tree/main/poc_of_swfdump

github.com/matthiaskramm/swftools

github.com/matthiaskramm/swftools/issues/197

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.1%

JSON

Related for CVE-2023-27249