The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted file.