Heap-based buffer over-read in ImageWorsener - CVE-2017-7454
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6925
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-7454
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Jason Summer
Affected software:
ImageWorsener
ImageWorsener
Detailed vulnerability description
The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in
ImageWorsener 1.3.0 allows remote attackers to cause a denial of
service (heap-based buffer over-read) via a crafted file.
How to mitigate CVE-2017-7454
Update to version 1.3.1.