PatchSiren cyber security CVE debrief
CVE-2016-9829 Libming CVE debrief
CVE-2016-9829 is a high-severity heap-based buffer overflow in libming’s listswf tool, specifically in parseSWF_DEFINEFONT. A crafted SWF file can trigger memory corruption, and NVD rates the issue 7.8 HIGH with potential impact to confidentiality, integrity, and availability. The affected range in the supplied NVD data extends through libming 0.4.7.
- Vendor: Libming
- Product: CVE-2016-9829
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-17
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-17
- Advisory updated: 2026-05-13
Who should care
Administrators, developers, and product teams that ship or use libming 0.4.7 or earlier, especially any workflow that processes untrusted SWF files with listswf or related tooling.
Technical summary
The issue is classified by NVD as CWE-119 (improper restriction of operations within the bounds of a memory buffer). The vulnerable code path is parseSWF_DEFINEFONT in parser.c used by listswf. NVD’s CVSS v3.0 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating that successful exploitation requires user interaction and can lead to severe impact. The supplied references include public advisories and discussion threads that document the bug and its heap overflow nature.
Defensive priority
High for any environment that processes untrusted SWF content, but especially where listswf is exposed in automated pipelines, shared workstations, or build and analysis systems. Prioritize if libming is still present in supported products or bundled utilities.
Recommended defensive actions
- Inventory systems and applications using libming, especially listswf, and confirm whether version 0.4.7 or earlier is deployed.
- Upgrade to a non-vulnerable libming release if one is available in your distribution or vendor package stream.
- If immediate upgrade is not possible, disable or restrict listswf and any untrusted-SWF processing paths.
- Isolate SWF analysis in a sandboxed, least-privilege environment and avoid opening unknown files on production workstations.
- Add file-handling controls and monitoring around SWF uploads, imports, and automated analysis jobs.
- Track downstream products that bundle libming and verify whether they have incorporated a fix.
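For the inventory step above, the part practitioners get wrong is the version comparison: a string compare treats "0.4.10" as older than "0.4.7". The following is an added example, not code from the debrief or the libming project; the package names and the tab-separated inventory lines are constructed, shaped like `dpkg-query -W -f='${Package}\t${Version}\n'` output, and the fixed-version boundary is the "through 0.4.7" range stated by the debrief.

```python
"""Flag libming packages in the CVE-2016-9829 affected range (<= 0.4.7)."""
import re

# Last upstream version the debrief reports as vulnerable (NVD CPE data).
LAST_VULNERABLE = (0, 4, 7)

# Constructed inventory: name<TAB>version, one package per line.
INVENTORY = """\
libming1\t0.4.7-3
libming-util\t0.4.7-3
libming1\t1:0.4.8-1
libxml2\t2.9.10
ming\t0.4.10
"""


def upstream_version(raw: str) -> tuple:
    """Reduce a distro version string to a tuple of upstream integers.

    Drops a Debian-style epoch ("1:") and packaging revision ("-3",
    "-2ubuntu1") so that 0.4.10 sorts after 0.4.7 numerically, which a
    plain string comparison gets wrong.
    """
    v = raw.split(":", 1)[-1]      # strip epoch if present
    v = v.split("-", 1)[0]         # strip distro revision if present
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_vulnerable(raw: str) -> bool:
    """True when the upstream version is at or below 0.4.7."""
    return upstream_version(raw) <= LAST_VULNERABLE


def scan_inventory(text: str) -> list:
    """Return (package, version) pairs that still carry a vulnerable libming.

    Package-name matching (``libming*`` / ``ming*``) is an assumption about
    distro naming; adjust the pattern for your package stream.
    """
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _, version = line.partition("\t")
        if re.match(r"^(lib)?ming", name) and is_vulnerable(version):
            hits.append((name, version))
    return hits


if __name__ == "__main__":
    for pkg, ver in scan_inventory(INVENTORY):
        print(f"VULNERABLE: {pkg} {ver} (CVE-2016-9829, <= 0.4.7)")
```

On a real host, feed the scan function the package manager's actual name/version listing instead of the constructed block.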
Evidence notes
The CVE description and NVD record identify a heap-based buffer overflow in parseSWF_DEFINEFONT within libming 0.4.7’s listswf tool, triggered by a crafted SWF file. NVD lists CWE-119 and CVSS v3.0 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The supplied references include an Openwall oss-security thread, a Gentoo advisory entry, and a SecurityFocus bulletin ID, all pointing to public analysis of the issue. The NVD CPE criteria mark libming versions through 0.4.7 as vulnerable.
Official resources
- CVE-2016-9829 CVE record (CVE.org)
- CVE-2016-9829 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference, tagged Exploit, Mailing List, Third Party Advisory
- Mitigation or vendor reference, tagged Mailing List, Third Party Advisory
- Source reference
- Mitigation or vendor reference, tagged Exploit, Third Party Advisory, VDB Entry
CVE published by the source corpus on 2017-02-17. The supplied NVD record was last modified on 2026-05-13. Use the published date as the disclosure date for this CVE; do not treat the later modified date as the original issue date.