Denial of service in ImageWorsener - CVE-2017-8326
Published: June 6, 2017 / Updated: June 8, 2017
Vulnerability identifier: #VU6930
CSH Severity: Low
CVSS v4.0:
CVE-ID: CVE-2017-8326
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Jason Summer
Affected software:
ImageWorsener
ImageWorsener
Detailed vulnerability description
libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot
be represented in type int" undefined behavior issues, which might allow
remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image, related to
imagew-bmp.c and imagew-util.c.
How to mitigate CVE-2017-8326
Update to version 1.3.1.