CVE-2024-22911

7.8 HIGH

📋 TL;DR

A stack-buffer-underflow vulnerability in SWFTools v0.9.2 allows attackers to read memory contents outside the allocated buffer's boundaries when parsing SWF files. This affects users who process untrusted SWF files with vulnerable SWFTools versions. The vulnerability could lead to information disclosure or be combined with other vulnerabilities for more severe attacks.

💻 Affected Systems

Products:
  • SWFTools
Versions: v0.9.2 and potentially earlier versions
Operating Systems: Linux, Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing SWF files with the parseExpression function, typically during SWF conversion or manipulation operations.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Memory corruption leading to arbitrary code execution, potentially allowing full system compromise if combined with other vulnerabilities.

🟠 Likely Case: Information disclosure through memory read, potentially exposing sensitive data or application secrets.

🟢 If Mitigated: Denial of service through application crash when processing malicious SWF files.

🌐 Internet-Facing: MEDIUM - Only affects systems processing SWF files from untrusted sources, which is less common for internet-facing services.
🏢 Internal Only: LOW - Internal systems processing SWF files would need to handle malicious content from compromised internal sources.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious SWF file that triggers the buffer underflow condition. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check GitHub repository for latest fixes

Vendor Advisory: https://github.com/matthiaskramm/swftools/issues/216

Restart Required: Yes

Instructions:

1. Check current SWFTools version.
2. Update to latest version from GitHub repository.
3. Recompile if using source.
4. Restart any services using SWFTools.

🔧 Temporary Workarounds

Disable SWF Processing (all platforms)

Temporarily disable SWF file processing in applications using SWFTools

Input Validation (all platforms)

Implement strict validation of SWF files before processing with SWFTools

🧯 If You Can't Patch

  • Isolate SWFTools usage to dedicated systems with no sensitive data
  • Implement network segmentation to limit access to systems using SWFTools

🔍 How to Verify

Check if Vulnerable:

Check SWFTools version with 'swfc --version' or 'swfrender --version'

Check Version:

swfc --version

Verify Fix Applied:

Verify updated version no longer contains vulnerable parseExpression function at src/swfc.c:2602

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing SWF files
  • Memory access violation errors in system logs

Network Indicators:

  • Unusual SWF file uploads to systems using SWFTools

SIEM Query:

(Process:swfc OR Process:swfrender) AND (EventID:1000 OR "access violation")
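
An added example, not taken from the advisory or from the SWFTools project: a POSIX wrapper that runs swfc or swfrender as a child process with resource limits and a timeout, then classifies how it terminated so that the crashes listed under Log Indicators become structured events a SIEM can ingest. The function names, limit values, and event fields are assumptions chosen for illustration.

```python
import resource
import signal
import subprocess
import sys

# Signals that indicate a memory-safety crash rather than an ordinary failure.
CRASH_SIGNALS = {"SIGSEGV", "SIGBUS", "SIGABRT", "SIGILL", "SIGFPE"}

def _cap(res, value):
    """Lower the soft limit to value without exceeding or changing the hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, hard))

def _limits(mem_bytes, cpu_seconds):
    """Build a hook that applies the limits in the child process only (POSIX)."""
    def apply():
        _cap(resource.RLIMIT_CORE, 0)            # no core files holding leaked memory
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        if mem_bytes is not None:                # use None for ASan builds (huge address space)
            _cap(resource.RLIMIT_AS, mem_bytes)
    return apply

def run_isolated(cmd, timeout=30.0, mem_bytes=1 << 30, cpu_seconds=20):
    """Run cmd (an argv list, never a shell string) and classify how it ended."""
    event = {"cmd": cmd[0], "outcome": "ok", "signal": None, "detail": ""}
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL, capture_output=True,
                              timeout=timeout, preexec_fn=_limits(mem_bytes, cpu_seconds))
    except subprocess.TimeoutExpired:
        event["outcome"] = "timeout"
        return event
    stderr = proc.stderr.decode("utf-8", "replace")
    report = [ln for ln in stderr.splitlines() if "AddressSanitizer" in ln]
    event["detail"] = report[0] if report else ""
    if proc.returncode < 0:                      # child was terminated by a signal
        try:
            event["signal"] = signal.Signals(-proc.returncode).name
        except ValueError:
            event["signal"] = str(-proc.returncode)
        event["outcome"] = "crash" if event["signal"] in CRASH_SIGNALS else "killed"
    elif report:                                 # sanitizer builds exit non-zero after reporting
        event["outcome"] = "crash"
    elif proc.returncode != 0:
        event["outcome"] = "error"
    return event

if __name__ == "__main__":
    # Usage (assumed file name): python run_isolated.py <swfc or swfrender command line>
    print(run_isolated(sys.argv[1:]))
```

A "crash" outcome on a file from an untrusted source is the signal to quarantine that file and review where it came from.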
