Main Vulnerability Database Vulnerabilities #VU6923

Null pointer dereference in ImageWorsener - CVE-2017-7452

Published: June 6, 2017 / Updated: June 8, 2017

Vulnerability identifier: #VU6923

CSH Severity: Low

CVSS v4.0:

CVE-ID: CVE-2017-7452

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Jason Summer

Affected software:
ImageWorsener

Detailed vulnerability description

The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.

How to mitigate CVE-2017-7452

Update to version 1.3.1.

Sources

https://github.com/jsummers/imageworsener/issues/8

Null pointer dereference in ImageWorsener - CVE-2017-7452

Detailed vulnerability description

How to mitigate CVE-2017-7452

Sources

Please verify you're human