CVE-2024-25770

Medium · Public PoC

Published: 26 February 2024

Modified: 16 April 2025
KEV Added
Patch
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
EPSS Score: 0.0011 (28.5th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-25770 is a medium-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in libming. Its CVSS base score is 4.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique OS Exhaustion Flood (T1499.001). The CVE ranks at the 28.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

EU & UK References

Vulnerability details

libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1499.001 OS Exhaustion Flood (Impact)
Adversaries may launch a denial of service (DoS) attack targeting an endpoint's operating system (OS).
Why these techniques?

Memory leak in libming's actioncompiler allows resource exhaustion (RAM) on endpoints processing malformed SWF files, facilitating OS exhaustion flood attacks.

Affected Assets

libming
libming
0.4.8

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References