SB2017052318 - Multiple vulnerabilities in ImageWorsener 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017052318

SB2017052318 - Multiple vulnerabilities in ImageWorsener

Published: May 23, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017052318
Severity
Medium
Patch available
NO
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Division by zero (CVE-ID: CVE-2017-9201)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide-by-zero error within imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1. A remote attacker can perform a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.


2) Division by zero (CVE-ID: CVE-2017-9202)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to divide-by-zero error within imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1. A remote attacker can perform a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.


3) Out-of-bounds write (CVE-ID: CVE-2017-9203)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.


4) Out-of-bounds read (CVE-ID: CVE-2017-9204)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.


5) Out-of-bounds read (CVE-ID: CVE-2017-9205)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.


6) Out-of-bounds read (CVE-ID: CVE-2017-9206)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.


7) Out-of-bounds read (CVE-ID: CVE-2017-9207)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References