CVE-2024-22955

7.8 HIGH

📋 TL;DR

CVE-2024-22955 is a stack-buffer-underflow vulnerability in swftools 0.9.2, located in the parseExpression function. An attacker who can get a crafted SWF file processed by swftools can make the parser access memory below the start of a stack buffer, which discloses stack contents, crashes the tool, and potentially allows arbitrary code execution. It affects any system running a vulnerable build of swftools, above all those that process SWF content from untrusted sources.

💻 Affected Systems

Products:
  • swftools
Versions: 0.9.2 (the latest release, and the version named in the report). Builds from the git master branch should be assumed affected until a fix is committed upstream, and earlier releases have not been shown to be safe.
Operating Systems: Linux, Windows, macOS - any OS running swftools
Default Config Vulnerable: ⚠️ Yes
Notes: The bug is reached through the parseExpression function during normal processing of an SWF file. There is no configuration option that disables the affected code path, so any invocation of swftools on attacker-controlled input is exposed.

📦 What is this software?

swftools is an open-source collection of command-line utilities for producing and manipulating SWF (Adobe Flash) files, including swfc (compiles .sc script files into SWF), pdf2swf, swfcombine, swfextract and swfdump. Its last release, 0.9.2, dates from 2012 and the project is effectively unmaintained, so it mostly survives inside legacy document-conversion and media pipelines, which is exactly where it tends to receive files from untrusted users.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution with the privileges of the user running swftools, escalating to full host compromise if that user is privileged or the bug is chained with a local privilege escalation. This requires the out-of-bounds access to reach data that influences control flow, which has not been publicly demonstrated.

🟠

Likely Case

Information disclosure of stack contents, denial of service through a crash of the processing tool (and of any conversion pipeline that depends on it), or limited code execution confined to the tool's own privileges.

🟢

If Mitigated

Application crash with no further impact. Be precise about what the usual mitigations buy here: a stack canary sits between a buffer and the saved return address and catches overflows past the end of the buffer, not an underflow that reaches below its start; ASLR makes a reliable exploit harder but prevents neither the crash nor the out-of-bounds read. A build compiled with AddressSanitizer (-fsanitize=address) aborts on the first out-of-bounds access, which is the cleanest failure mode if the tool must keep running on untrusted input.

🌐 Internet-Facing: MEDIUM - Risk depends on whether swftools processes external SWF files from untrusted sources via web interfaces or APIs.
🏢 Internal Only: LOW - Primarily affects systems using swftools for SWF processing; limited internal exposure unless widely deployed.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes (no credentials are needed, but the attacker must get a crafted file processed; swftools has no network listener of its own)
Complexity: MEDIUM

Exploitation requires crafting a malicious SWF file and getting it processed. No public exploit code is currently known, but the bug is documented in a public GitHub issue, so a crash reproducer is within reach of anyone with a fuzzer.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available (there is no fixed release; 0.9.2 remains the latest release of swftools)

Vendor Advisory: https://github.com/matthiaskramm/swftools/issues/207

Restart Required: No (command-line tool; a replaced binary takes effect on the next invocation, but restart any long-running service that wraps it)

Instructions:

1. Monitor the GitHub issue and the repository for a fix.
2. When a fix is committed or released, fetch the updated source code.
3. Compile and install the patched version.
4. Replace every vulnerable binary, including copies bundled inside container images or vendored into other tools.

🔧 Temporary Workarounds

Disable SWF processing

linux

Prevent swftools from being invoked on untrusted input by blocking execution of the binary. Either revoke its permissions (reversible, keeps the file for later patching) or remove it outright; do not do both, since chmod fails once the file is gone. /usr/local/bin is the default location for a source build; distribution packages usually install to /usr/bin. Apply the same to every other swftools binary you have installed.

sudo chmod 000 /usr/local/bin/swfc

or, to remove it entirely:

sudo rm /usr/local/bin/swfc

Input validation

all

Apply a structural pre-check before any swftools binary sees the file: accept only the expected container signature, enforce a size cap, and reject files whose declared length disagrees with their actual or decompressed size. Treat this as a filter that removes obviously malformed input, not as a guarantee; the parser itself is still the vulnerable code.
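As an added example (not code from swftools or from this advisory), a pre-flight check of the SWF container header written in Python. It goes slightly beyond the paragraph above in that it handles all three SWF signatures (FWS uncompressed, CWS zlib, ZWS LZMA) and inflates a zlib body under a hard cap so the check itself cannot be turned into a memory bomb. The policy constants and the sample movie body are assumptions made for the example:

```python
"""Pre-flight check of SWF container headers before a file reaches swftools.

Added example, not part of swftools or of this advisory. A pass only means the
container is self-consistent; it does not prove the tag stream inside is safe.
"""
import struct
import zlib

HEADER_LEN = 8                        # signature(3) + version(1) + file length(4, little-endian)
MAX_UNCOMPRESSED = 64 * 1024 * 1024   # assumption: policy cap on the inflated size
MAX_VERSION = 50                      # assumption: sanity ceiling, well above any released SWF version


def validate_swf(data, max_len=MAX_UNCOMPRESSED):
    """Return (ok, reason). ok is True only when the header is self-consistent."""
    if len(data) < HEADER_LEN:
        return False, "shorter than the 8-byte SWF header"
    sig, version = data[:3], data[3]
    declared = struct.unpack("<I", data[4:HEADER_LEN])[0]
    if sig not in (b"FWS", b"CWS", b"ZWS"):
        return False, f"bad signature {sig!r}"
    if version == 0 or version > MAX_VERSION:
        return False, f"implausible version {version}"
    if declared < HEADER_LEN or declared > max_len:
        return False, f"declared length {declared} outside [{HEADER_LEN}, {max_len}]"
    if sig == b"FWS":
        # uncompressed: the length field must equal the real file size
        if declared != len(data):
            return False, f"declared {declared} bytes, file has {len(data)}"
        return True, "uncompressed, header consistent"
    if sig == b"ZWS":
        if version < 13:
            return False, "LZMA container needs SWF version 13 or later"
        return True, "LZMA, header plausible (body not inflated here)"
    # CWS: everything after the header is one zlib stream; inflate under a hard
    # output cap so an attacker cannot turn the check itself into a memory bomb
    inflater = zlib.decompressobj()
    try:
        body = inflater.decompress(data[HEADER_LEN:], max_len)
    except zlib.error as exc:
        return False, f"zlib body corrupt: {exc}"
    if not inflater.eof:
        return False, "zlib stream truncated or larger than the policy cap"
    if HEADER_LEN + len(body) != declared:
        return False, f"declared {declared} bytes, inflates to {HEADER_LEN + len(body)}"
    return True, "zlib, header consistent"


# Constructed sample movie body (not a real animation): RECT with 0-bit fields,
# frame rate 12.0 in 8.8 fixed point, 1 frame, then the End tag.
MIN_BODY = b"\x00" + b"\x00\x0c" + b"\x01\x00" + b"\x00\x00"


def build_swf(sig=b"FWS", version=6, body=MIN_BODY, declared=None):
    """Construct a test SWF; pass declared= to forge an inconsistent length field."""
    if declared is None:
        declared = HEADER_LEN + len(body)
    header = sig + bytes([version]) + struct.pack("<I", declared)
    return header + (zlib.compress(body) if sig == b"CWS" else body)


if __name__ == "__main__":
    for name, blob in [("good FWS", build_swf()),
                       ("good CWS", build_swf(sig=b"CWS")),
                       ("forged length", build_swf(declared=4096)),
                       ("truncated", build_swf()[:10])]:
        print(f"{name:14s} -> {validate_swf(blob)}")
```

Run the check on the uploaded bytes and discard anything that returns False before the file is written to the directory swftools reads from; a mismatch between the declared and actual length is the single most common property of fuzzer-generated crash files.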

🧯 If You Can't Patch

  • Run swftools under a dedicated unprivileged account with resource limits (memory, CPU, wall time), in a scratch directory, with no network access and no credentials in its environment, so that a successful exploit gains as little as possible.
  • Monitor for crashes (segfaults, core dumps, sanitizer reports) and unusual memory usage in swftools processes, and treat any crash on user-supplied input as a security event rather than a reliability bug.
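As an added example (not code from swftools or from this advisory), a Python wrapper that applies the isolation described above to one invocation and turns the outcome into a verdict a monitor can act on. It assumes a POSIX host; the limits and paths are placeholders, and privilege separation (a dedicated service user, a mount or seccomp sandbox) is deliberately left to the caller:

```python
"""Run one swftools invocation on untrusted input under resource limits.

Added example, not part of swftools or of this advisory. Bounds address space,
CPU time, wall time and core files, scrubs the environment, runs in a scratch
directory, and maps the exit status to a verdict. Assumes Linux/POSIX.
"""
import resource
import signal
import subprocess
import tempfile

LIMIT_AS_BYTES = 512 * 1024 * 1024   # assumption: 512 MiB address space
LIMIT_CPU_SECONDS = 20               # assumption
WALL_TIMEOUT = 30                    # assumption


def _cap(res, value):
    """Set soft and hard limit to value, never above the existing hard limit."""
    _soft, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def _apply_limits():
    """Runs in the child between fork and exec (preexec_fn)."""
    _cap(resource.RLIMIT_AS, LIMIT_AS_BYTES)
    _cap(resource.RLIMIT_CPU, LIMIT_CPU_SECONDS)
    # no core dumps: a core of a crashed parser contains the attacker's payload
    # and whatever else was in memory; rely on stderr and the exit status instead
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def classify_exit(returncode):
    """Map a subprocess return code to a monitoring verdict."""
    if returncode == 0:
        return "ok"
    if returncode < 0:
        # negative return code: the child was killed by that signal
        return f"crashed: {signal.Signals(-returncode).name}"
    return f"exited {returncode}"


def run_isolated(argv, timeout=WALL_TIMEOUT):
    """Run argv in a scratch directory with a scrubbed environment.

    Returns (verdict, stderr_text); verdict is "ok", "exited N",
    "crashed: SIGxxx", "timeout" or "not installed".
    """
    env = {"PATH": "/usr/local/bin:/usr/bin:/bin", "LANG": "C"}
    with tempfile.TemporaryDirectory() as scratch:
        try:
            proc = subprocess.run(
                argv, cwd=scratch, env=env, preexec_fn=_apply_limits,
                stdin=subprocess.DEVNULL, capture_output=True, timeout=timeout,
            )
        except subprocess.TimeoutExpired as exc:
            return "timeout", (exc.stderr or b"").decode(errors="replace")
        except FileNotFoundError:
            return "not installed", ""
    return classify_exit(proc.returncode), proc.stderr.decode(errors="replace")


if __name__ == "__main__":
    # placeholder paths; swfc compiles a .sc script into a SWF written to -o
    verdict, err = run_isolated(["swfc", "-o", "/var/tmp/out.swf", "/srv/uploads/untrusted.sc"])
    print(verdict)
    print(err)
```

A verdict of "crashed: SIGSEGV" or "crashed: SIGABRT" on a user upload is the event the monitoring section is looking for; log it together with a hash of the input so the file can be retrieved for analysis, and never retry the same file.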

🔍 How to Verify

Check if Vulnerable:

Every released version is affected, so a version string alone is a positive result. Check which build is installed (and note where the binary lives; /usr/local/bin for a source build, /usr/bin for most distribution packages):

swfc --version 2>&1 | head -1

Any binary reporting 0.9.2, or built from an unpatched checkout, should be treated as vulnerable.

Verify Fix Applied:

Since no fixed release exists, a "fix" is a locally patched build. Confirm the patch is present in the source tree you compiled, then run the rebuilt binary on known-good SWF files and, if the GitHub issue provides a reproducer, on that file using a build compiled with -fsanitize=address: a patched build must neither report an AddressSanitizer error nor crash.

📡 Detection & Monitoring

Log Indicators:

  • Kernel "segfault at ..." messages naming a swftools binary (swfc, swfdump, pdf2swf, ...)
  • systemd-coredump records for those binaries, or AddressSanitizer reports if you built with -fsanitize=address
  • Memory access violation errors in system logs

Network Indicators:

  • Unusual SWF file uploads to systems using swftools (spikes in volume, unexpected sources, files whose declared length does not match their size)

SIEM Query:

process_name:"swfc" AND (event_type:"crash" OR event_type:"memory_violation")

The field names above are generic; map them to your schema (for example, match on the kernel segfault message text and the program name in syslog), and extend process_name to every swftools binary you deploy.
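As an added example (not code from this advisory or from swftools), the detection logic behind that query written as a Python scanner over syslog-style lines. The sample lines are constructed, not captured from a real host, but follow the real formats of the Linux kernel "segfault at" message, the systemd-coredump "dumped core" record and an AddressSanitizer report; the ASan line assumes the tool's stderr is forwarded to syslog with the binary name as the tag. WATCHED is an assumption: list the swftools binaries you actually run.

```python
"""Scan syslog-style lines for swftools crash indicators.

Added detection example, not part of this advisory or of swftools.
"""
import re
from collections import Counter
from dataclasses import dataclass

# assumption: the swftools binaries deployed on the host
WATCHED = {"swfc", "swfdump", "swfcombine", "swfextract", "swfrender", "pdf2swf"}

KERNEL_SEGFAULT = re.compile(
    r"kernel: (?:\[[\d. ]+\] )?(?P<proc>[\w.+-]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip [0-9a-f]+ sp [0-9a-f]+ error (?P<err>\d+)"
)
COREDUMP = re.compile(r"Process (?P<pid>\d+) \((?P<proc>[\w.+-]+)\) of user \d+ dumped core")
ASAN = re.compile(
    r"(?P<proc>[\w.+-]+)\[\d+\]: ==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<kind>[\w-]+) on address"
)


@dataclass
class Hit:
    proc: str
    pid: int
    kind: str     # "segfault", "coredump" or "asan:<report kind>"
    detail: str   # fault direction and address, or the ASan report kind
    line: str


def classify(line):
    """Return a Hit if the line is a crash indicator for a watched binary, else None."""
    m = KERNEL_SEGFAULT.search(line)
    if m and m["proc"] in WATCHED:
        # x86 page-fault error code in the kernel message: bit 1 set means the
        # faulting access was a write; a read that walks below the mapped stack
        # shows up as a read fault
        access = "write" if int(m["err"]) & 2 else "read"
        return Hit(m["proc"], int(m["pid"]), "segfault", f"{access} at 0x{m['addr']}", line)
    m = COREDUMP.search(line)
    if m and m["proc"] in WATCHED:
        return Hit(m["proc"], int(m["pid"]), "coredump", "", line)
    m = ASAN.search(line)
    if m and m["proc"] in WATCHED:
        return Hit(m["proc"], int(m["pid"]), "asan:" + m["kind"], m["kind"], line)
    return None


def scan_log(lines):
    return [hit for hit in map(classify, lines) if hit is not None]


def summarize(hits):
    """Crash count per watched binary, the number a threshold alert should key on."""
    return dict(Counter(hit.proc for hit in hits))


# Constructed sample log (not captured from a real host)
SAMPLE_LOG = """\
Mar  4 10:12:01 conv01 kernel: [123456.789012] swfc[4242]: segfault at 7ffd0c3fe000 ip 000055d1c3a1b2c4 sp 00007ffd0c3fdfe0 error 4 in swfc[55d1c3a00000+40000]
Mar  4 10:12:01 conv01 systemd-coredump[4250]: Process 4242 (swfc) of user 1001 dumped core.
Mar  4 10:12:05 conv01 swfc[4301]: ==4301==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffe44d1a3f0 at pc 0x55c0f2e3a1d2 bp 0x7ffe44d1a400 sp 0x7ffe44d19bd0
Mar  4 10:13:22 conv01 kernel: [123537.000000] chromium[5120]: segfault at 0 ip 00007f1e8a2b3c00 sp 00007ffc1e2d3e40 error 4 in libc.so.6[7f1e8a200000+1c0000]
Mar  4 10:14:00 conv01 sshd[5200]: Accepted publickey for ops from 10.0.0.5 port 51022 ssh2
"""

if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(f"{hit.proc}[{hit.pid}] {hit.kind} {hit.detail}")
    print(summarize(hits))
```

The chromium segfault in the sample is deliberately ignored: scoping the rule to the watched binaries keeps the alert from firing on unrelated desktop crashes. A single hit is enough to open a ticket for a tool that parses untrusted files; for a sanitizer-instrumented build, the ASan report kind (stack-buffer-underflow here) tells you immediately which class of bug was triggered.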

🔗 References

  • https://github.com/matthiaskramm/swftools/issues/207 (upstream issue reporting the bug)