Risk | Low |
Patch available | YES |
Number of vulnerabilities | 9 |
CVE-ID | CVE-2017-7452 CVE-2017-7453 CVE-2017-7454 CVE-2017-7939 CVE-2017-7940 CVE-2017-7962 CVE-2017-8325 CVE-2017-8326 CVE-2017-8327 |
CWE-ID | CWE-476 CWE-126 CWE-119 CWE-369 CWE-122 CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | ImageWorsener (Universal components / Libraries / Libraries used by multiple products) |
Vendor | Jason Summers |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU6923
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7452
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/issues/8
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6924
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7453
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
Description: The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/issues/9
EUVDB-ID: #VU6925
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7454
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
Description: The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/issues/11
EUVDB-ID: #VU6926
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7939
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
Description: The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/issues/13
EUVDB-ID: #VU6927
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7940
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/issues/18
EUVDB-ID: #VU6928
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7962
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
Description: The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/issues/15
EUVDB-ID: #VU6929
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-8325
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/commit/86564051db45b466e5f667111ce00b5eeedc8fb6
EUVDB-ID: #VU6930
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-8326
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738
EUVDB-ID: #VU6931
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-8327
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image.
Mitigation: Update to version 1.3.1.
Vulnerable software versions: ImageWorsener: 1.3.0
External links: http://github.com/jsummers/imageworsener/commit/86564051db45b466e5f667111ce00b5eeedc8fb6