CVE-2017-7962 - Divide By Zero vulnerability in Entropymine Imageworsener 1.3.0
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | HIGH |
Summary
The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201706-06.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201706-06 (ImageWorsener: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ImageWorsener. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to process a specially crafted image file using ImageWorsener, possibly resulting in a Denial of Service condition or have other unspecified impacts. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 100649 |
published | 2017-06-07 |
reporter | This script is Copyright (C) 2017-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/100649 |
title | GLSA-201706-06 : ImageWorsener: Multiple vulnerabilities |
References
- https://blogs.gentoo.org/ago/2017/04/17/imageworsener-divide-by-zero-in-iwgif_record_pixel-imagew-gif-c/
- https://github.com/jsummers/imageworsener/commit/ca3356eb49fee03e2eaf6b6aff826988c1122d93
- https://github.com/jsummers/imageworsener/issues/15
- https://security.gentoo.org/glsa/201706-06