Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2017-9201 CVE-2017-9202 CVE-2017-9203 CVE-2017-9204 CVE-2017-9205 CVE-2017-9206 CVE-2017-9207 |
CWE-ID | CWE-369 CWE-787 CWE-125 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
ImageWorsener Universal components / Libraries / Libraries used by multiple products |
Vendor | Jason Summer |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU38948
Risk: Medium
CVSSv3.1: 6 [AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-9201
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide-by-zero error within imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1. A remote attacker can perform a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsImageWorsener: 1.3.1
External linkshttp://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/
http://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU38949
Risk: Medium
CVSSv3.1: 6 [AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-9202
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to divide-by-zero error within imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1. A remote attacker can perform a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsImageWorsener: 1.3.1
External linkshttp://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/
http://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU38950
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9203
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsImageWorsener: 1.3.1
External linkshttp://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/
http://github.com/jsummers/imageworsener/commit/a4f247707f08e322f0b41e82c3e06e224240a654
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU38951
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9204
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsImageWorsener: 1.3.1
External linkshttp://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/
http://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU38952
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-9205
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.
MitigationInstall update from vendor's website.
Vulnerable software versionsImageWorsener: 1.3.1
External linkshttp://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/
http://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU38953
Risk: Medium
CVSSv3.1: 6 [AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-9206
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsImageWorsener: 1.3.1
External linkshttp://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/
http://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU38954
Risk: Medium
CVSSv3.1: 6 [AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2017-9207
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsImageWorsener: 1.3.1
External linkshttp://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/
http://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.