Headline
CVE-2021-42200: A NULL pointer dereference exists in the function main in swfdump.c · Issue #170 · matthiaskramm/swftools
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.
system info
Ubuntu x86_64, clang 6.0, swfdump (latest master a9d5082)
Command line
./src/swfdump -D @@
AddressSanitizer output
==1975==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000406f68 bp 0x7fffffffe3a0 sp 0x7fffffffdf30 T0)
#0 0x406f67 in main /test/swftools-asan/src/swfdump.c:1323
#1 0x7ffff68a683f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
#2 0x40c168 in _start (/test/swftools-asan/src/swfdump+0x40c168)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /test/swftools-asan/src/swfdump.c:1323 main
==1975==ABORTING
POC
main_poc