A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://github.com/swftools/swftools/issues/239 | Exploit Third Party Advisory |
| https://github.com/swftools/swftools/issues/239 | Exploit Third Party Advisory |
| https://github.com/user-attachments/files/19415662/wav2swf_crash.txt | Exploit |
| https://vuldb.com/?ctiid.313275 | Permissions Required Third Party Advisory VDB Entry |
| https://vuldb.com/?id.313275 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.593005 | Third Party Advisory VDB Entry |
Configurations
History
02 Jul 2025, 19:03
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Swftools
Swftools swftools |
|
| CPE | cpe:2.3:a:swftools:swftools:*:*:*:*:*:*:*:* | |
| References | () https://github.com/swftools/swftools/issues/239 - Exploit, Third Party Advisory | |
| References | () https://vuldb.com/?submit.593005 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?id.313275 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?ctiid.313275 - Permissions Required, Third Party Advisory, VDB Entry | |
| References | () https://github.com/user-attachments/files/19415662/wav2swf_crash.txt - Exploit |
23 Jun 2025, 20:15
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : unknown |
| CWE | CWE-119 |
19 Jun 2025, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-06-19 18:15
Updated : 2025-07-02 19:03
NVD link : CVE-2025-6271
Mitre link : CVE-2025-6271
JSON object : View
Products Affected
swftools
- swftools
CWE
No CWE.