PatchSiren cyber security CVE debrief
CVE-2016-9827 Libming CVE debrief
CVE-2016-9827 affects the listswf tool in libming 0.4.7. A crafted SWF file can trigger a buffer over-read in _iprintf() from outputtxt.c, resulting in denial of service. The public record was published in February 2017, with related advisory references appearing in early December 2016.
- Vendor: Libming
- Product: CVE-2016-9827
- CVSS: MEDIUM 5.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-17
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-17
- Advisory updated: 2026-05-13
Who should care
Administrators and developers who still use libming 0.4.7, especially in workflows that process untrusted SWF files. Security teams should also care if listswf is used in automation, content analysis, archive processing, or other file-handling pipelines.
Technical summary
The vulnerability is described as a buffer over-read in _iprintf() within outputtxt.c, reached through the listswf tool when handling a crafted SWF file. NVD assigns CWE-119 and a CVSS v3.0 vector of AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating availability impact with user interaction required. The corpus also describes the issue as enabling remote attackers to cause denial of service; that wording differs from the CVSS attack vector and should be treated as source-level metadata, not a separate finding.
Defensive priority
Medium priority. Prioritize remediation if libming is exposed to untrusted SWF content or used in automated processing pipelines; otherwise, track it as a lower-risk maintenance item because user interaction is required and the impact is denial of service.
Recommended defensive actions
- Inventory systems that include libming and confirm whether version 0.4.7 is present.
- Upgrade to a fixed libming release if available, or remove/replace the affected toolchain component.
- Avoid processing untrusted SWF files with listswf until the vulnerable version is retired.
- Run the tool in a sandboxed or otherwise isolated environment when file inspection is unavoidable.
- Add monitoring for crashes or abnormal terminations in SWF-processing workflows.
- Use file-source controls and validation to reduce exposure to attacker-supplied content.
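The isolation and crash-monitoring items above can be combined in a small wrapper. This is an added example, not code from libming or from the advisories: the limit values, the alert format and the `inspect_swf` hook are assumptions, as is invoking listswf with the SWF path as its only argument. Resource limits bound the damage of a crash but do not replace a container or VM sandbox.

```python
import resource
import signal
import subprocess
import sys

CPU_SECONDS = 10                  # assumed limits; tune per pipeline
MEMORY_BYTES = 512 * 1024 * 1024
WALL_TIMEOUT = 30


def _cap(res, value):
    """Lower a resource limit without exceeding the inherited hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def _limit_child():
    """Runs in the child just before exec."""
    _cap(resource.RLIMIT_CORE, 0)            # no core files from crashes
    _cap(resource.RLIMIT_CPU, CPU_SECONDS)   # stop runaway parsing loops
    _cap(resource.RLIMIT_AS, MEMORY_BYTES)   # bound memory use


def classify(returncode):
    """Map a subprocess return code to ok / error:N / crash:SIGNAME."""
    if returncode == 0:
        return "ok"
    if returncode < 0:  # killed by a signal, e.g. SIGSEGV on an over-read
        return "crash:" + signal.Signals(-returncode).name
    return "error:%d" % returncode


def run_isolated(argv, timeout=WALL_TIMEOUT):
    """Run argv with limits and a minimal environment; return (status, stdout)."""
    try:
        proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                              stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
                              timeout=timeout, preexec_fn=_limit_child,
                              env={"PATH": "/usr/bin:/bin"})
    except subprocess.TimeoutExpired:
        return "timeout", b""
    return classify(proc.returncode), proc.stdout


def inspect_swf(path, tool="listswf"):
    """Hypothetical pipeline hook: alert on anything but a clean exit."""
    status, out = run_isolated([tool, path])
    if status != "ok":
        print("ALERT %s %s on %s" % (tool, status, path), file=sys.stderr)
    return status, out
```

Feed the `ALERT` lines into whatever log collection the pipeline already uses so that repeated `crash:` results on SWF input are visible.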
Evidence notes
The CVE description supplied in the corpus states that _iprintf in outputtxt.c in listswf in libming 0.4.7 allows remote attackers to cause denial of service via a crafted SWF file. The NVD record lists CWE-119 and CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. NVD references include Openwall oss-security posts, a SecurityFocus BID entry, and a Gentoo blog advisory entry, all of which are present in the supplied source metadata.
Official resources
- CVE-2016-9827 CVE record (CVE.org)
- CVE-2016-9827 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Exploit, Mailing List, Third Party Advisory
- Mitigation or vendor reference: Mailing List, Third Party Advisory
- Source reference
- Mitigation or vendor reference: Exploit, Third Party Advisory, VDB Entry
Public advisory references in the supplied corpus date to 2016-12-01 and 2016-12-05, while the CVE record itself was published on 2017-02-17. The 2026-05-13 modified timestamp in the source is metadata for record updates, not the original vulnerability