CVE-2017-16883

medium

Published 2017-11-18 · Modified 2026-05-13

CVSS v3

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v2

4.3

VIR risk

6.5

Description

The outputSWF_TEXT_RECORD function in util/outputscript.c in libming <= 0.4.8 is vulnerable to a NULL pointer dereference, which may allow attackers to cause a denial of service via a crafted swf file.

Predictions

Exploit likelihood

75%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/libming/libming/issues/77

Application impact

Vendor	Product	Versions	Fixed
libming	libming	`{"endIncluding":"0.4.8"}`

References

https://github.com/libming/libming/issues/77
https://lists.debian.org/debian-lts-announce/2018/01/msg00014.html
https://github.com/libming/libming/issues/77
https://lists.debian.org/debian-lts-announce/2018/01/msg00014.html

CWEs

CWE-476

Verify integrity in audit chain (admin only). AS-IS.