Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of service (application crash) via a 1x1 JPEG image.
Max CVSS
5.0
EPSS Score
1.28%
Published
2008-08-27
Updated
2017-08-08
swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict local file access from untrusted sandboxes, which allows remote attackers to read arbitrary files via a crafted Flash file.
Max CVSS
4.3
EPSS Score
0.43%
Published
2008-04-16
Updated
2017-08-08
2 vulnerabilities found