CVE-2023-27249 - Vulnerability Details - OpenCVE

swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Swftools	Swftools

Configuration 1 [-]

cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://swfdump.com
https://github.com/keepinggg/poc/blob/main/poc_of_swfdump/poc
https://github.com/keepinggg/poc/tree/main/poc_of_swfdump
https://github.com/matthiaskramm/swftools
https://github.com/matthiaskramm/swftools/issues/197

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-03-23T00:00:00

Updated: 2024-08-02T12:01:32.533Z

Reserved: 2023-02-27T00:00:00

Link: CVE-2023-27249

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-03-23T02:15:12.733

Modified: 2024-11-21T07:52:31.690

Link: CVE-2023-27249

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6149BA0-2082-45B7-9B43-CAC2F1768770", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c."}], "id": "CVE-2023-27249", "lastModified": "2024-11-21T07:52:31.690", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-03-23T02:15:12.733", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://swfdump.com"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/keepinggg/poc/blob/main/poc_of_swfdump/poc"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/keepinggg/poc/tree/main/poc_of_swfdump"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://github.com/matthiaskramm/swftools"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/matthiaskramm/swftools/issues/197"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://swfdump.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/keepinggg/poc/blob/main/poc_of_swfdump/poc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/keepinggg/poc/tree/main/poc_of_swfdump"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/matthiaskramm/swftools"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/matthiaskramm/swftools/issues/197"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}