Primary

Context

swftools Out-of-Bounds Read Vulnerability in wav2swf Component

Vulnerability

A global buffer overflow vulnerability has been identified in swftools versions through 0.9.2. This issue resides in the wav2swf component, specifically within the wav_convert2mono function of the lib/wav.c file. The vulnerability allows for an out-of-bounds read, which could be exploited locally, potentially leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a global buffer overflow, which can disrupt the normal operation of the application, likely leading to a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by compiling swftools with Clang, using the AddressSanitizer to detect memory errors. After compiling the tool, it can be run with a specially crafted WAV file that triggers the out-of-bounds read. The AddressSanitizer will report the buffer overflow error, indicating that the vulnerability has been successfully exploited.

Added: Jun 19, 2025, 6:26 PM

Updated: Jun 19, 2025, 6:26 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

6.0

remediation

0.0

relevance

0.2

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

swftools Out-of-Bounds Read Vulnerability in wav2swf Component

Vulnerability

Impact

Reproduction

Affected Products

swftools

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating