Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c.Referenceshttps://github.com/libming/libming/commit/6e76e8c71cb51c8ba0aa9737a636b9ac3029887f
