Vulnerabilities > CVE-2017-9093 - Infinite Loop vulnerability in Entropymine Imageworsener

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

entropymine

CWE-835

NVD

Published: 2017-05-19

Updated: 2019-10-03

Summary

The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.

Vulnerable Configurations

Part	Description	Count
Application	Entropymine Entropymine Imageworsener 0.9.0 Entropymine Imageworsener 0.9.1 Entropymine Imageworsener 0.9.2 Entropymine Imageworsener 0.9.3 Entropymine Imageworsener 0.9.4 Entropymine Imageworsener 0.9.5 Entropymine Imageworsener 0.9.6 Entropymine Imageworsener 0.9.8 Entropymine Imageworsener 0.9.9 Entropymine Imageworsener 0.9.10 Entropymine Imageworsener 1.0.0 Entropymine Imageworsener 1.1.0 Entropymine Imageworsener 1.2.0 Entropymine Imageworsener 1.3.0	14

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://github.com/jsummers/imageworsener/issues/26