Stack-based buffer over-read in ImageWorsener - CVE-2017-7939
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6926
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-7939
CWE-ID: CWE-126
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Jason Summer
Affected software:
ImageWorsener
ImageWorsener
Detailed vulnerability description
The read_next_pam_token function in imagew-pnm.c in
libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to
cause a denial of service (stack-based buffer over-read) via a crafted
file.
How to mitigate CVE-2017-7939
Update to version 1.3.1.