CVE-2021-42197: memory leaks in swftools when we use swfdump · Issue #177 · matthiaskramm/swftools
An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution.
system info
Ubuntu x86_64, clang 6.0, swfdump (latest master a9d5082)
Command line
./src/swfdump -D @@
AddressSanitizer output
==43305==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 63245 byte(s) in 2 object(s) allocated from:
    #0 0x7ffff6f02602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
    #1 0x532fa7 in rfx_alloc /test/swftools-asan/lib/mem.c:30
    #2 0x7fffffffe2bf ()

Indirect leak of 144 byte(s) in 3 object(s) allocated from:
    #0 0x7ffff6f0279a in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x9879a)
    #1 0x53318c in rfx_calloc /test/swftools-asan/lib/mem.c:69
    #2 0x7fffffffe2bf ()

SUMMARY: AddressSanitizer: 63389 byte(s) leaked in 5 allocation(s).
POC
memory_leaks_poc