CVE-2025-6271 | THREATINT

Description

A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Es wurde eine problematische Schwachstelle in swftools bis 0.9.2 gefunden. Es betrifft die Funktion wav_convert2mono in der Bibliothek lib/wav.c der Komponente wav2swf. Mittels Manipulieren mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-06-19 | Published 2025-06-19 | Updated 2025-06-19 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Problem types

Out-of-Bounds Read

Memory Corruption

Timeline

2025-06-19:	Advisory disclosed
2025-06-19:	VulDB entry created
2025-06-19:	VulDB entry last update

Credits

JJLeo (VulDB User) reporter

References

vuldb.com/?id.313275 (VDB-313275 | swftools wav2swf wav.c wav_convert2mono out-of-bounds) vdb-entry technical-description

vuldb.com/?ctiid.313275 (VDB-313275 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.593005 (Submit #593005 | swftools swftools 0.9.2 (commit c6a18ab) Out-of-Bounds Read) third-party-advisory

github.com/swftools/swftools/issues/239 issue-tracking

github.com/user-attachments/files/19415662/wav2swf_crash.txt exploit

cve.org (CVE-2025-6271)

nvd.nist.gov (CVE-2025-6271)

Download JSON