SWFTools: User-assisted execution of arbitrary code
Gentoo Linux Security Advisory
||GLSA 201204-05 / SWFTools
||April 17, 2012
||April 18, 2012: 2
All supported architectures
A heap-based buffer overflow in SWFTools could result in the
execution of arbitrary code.
SWFTools is a collection of SWF manipulation and generation utilities
written by Rainer Böhme and Matthias Kramm.
Integer overflow errors in the "getPNG()" function in png.c and the
"jpeg_load()" function in jpeg.c could cause a heap-based buffer
A remote attacker could entice a user to open a specially crafted PNG or
JPEG file, possibly resulting in execution of arbitrary code with the
privileges of the process, or a Denial of Service condition.
There is no known workaround at this time.
Gentoo discontinued support for SWFTools. We recommend that users
Code Listing 3.1: Resolution
# emerge --unmerge "media-gfx/swftools"
NOTE: Users could upgrade to ">=media-gfx/swftools-0.9.1", however
these packages are not currently stable.