Bug 1068682 (CVE-2017-16868)

Summary: VUL-0: CVE-2017-16868: swftools: The wav_convert2mono function does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause DoS
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED NORESPONSE QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE Factory   
URL: https://smash.suse.de/issue/195267/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: Reproducer

Description Johannes Segitz 2017-11-17 12:04:30 UTC
Created attachment 749176 [details]
Reproducer

CVE-2017-16868

In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not
properly restrict a multiplication within a malloc call, which allows
remote attackers to cause a denial of service (integer overflow and
NULL pointer dereference) via a crafted WAV file.

wav2swf 6_wav2swf_onlysegfault_nooutputinasan

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16868
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16868
Comment 1 Jan Engelhardt 2018-03-26 12:26:44 UTC
No fix available upstream.
Comment 2 Jan Engelhardt 2018-03-27 10:04:30 UTC
WONTFIX from my side. Reopen for the team.
Comment 3 Marcus Meissner 2019-11-13 17:08:38 UTC
swftools now longer is shipped or supported (last was 42.3)