CVE-2025-26305

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Feb 20, 2025
Updated: Feb 21, 2025
CWE ID 244

Summary

CVE-2025-26305 is a denial-of-service vulnerability affecting the parseSWF_SOUNDINFO function in libming v0.4.8's util/parser.c. A memory leak in this function can be triggered by a specially crafted SWF file, leading to excessive memory consumption and potentially causing the target system to crash or become unresponsive. Attackers can exploit this vulnerability to cause service interruptions or overload the victim's system with excessive memory usage. Users of libming v0.4.8 are advised to update to the latest version or apply a patch to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share