CVE-2024-25770
Published: 26 February 2024
Summary
CVE-2024-25770 is a medium-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in libming. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique OS Exhaustion Flood (T1499.001). The CVE ranks at the 28.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-23078
Vulnerability details
libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.
- CWE(s): CWE-401 (Missing Release of Memory after Effective Lifetime)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Memory leak in libming's actioncompiler allows resource exhaustion (RAM) on endpoints processing malformed SWF files, facilitating OS exhaustion flood attacks.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.