Skip to main content

Imageworsener CVE-2017-7624

MEDIUM
Missing Release of Resource after Effective Lifetime (CWE-772)
2017-04-10 cve@mitre.org
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Apr 10, 2017 - 17:59 cve.org
MEDIUM 5.5

DescriptionCVE.org

The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.

AnalysisAI

The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-772. The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file. Affected products include: Entropymine Imageworsener.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2018-16782 HIGH POC
8.8 Sep 10

libimageworsener.a in ImageWorsener 1.3.2 has a buffer overflow in the bmpr_read_rle_internal function in imagew-bmp.c.

CVE-2017-7962 MEDIUM POC
5.5 Apr 19

The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to ca

CVE-2018-5252 MEDIUM POC
5.3 Jan 05

libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has a large loop in the get_raw_sample_int function

CVE-2017-8325 HIGH
8.8 Apr 29

The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows

CVE-2017-8326 HIGH
8.8 Apr 29

libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior i

CVE-2017-8327 MEDIUM
6.5 Apr 29

The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote at

CVE-2017-9206 MEDIUM
6.5 May 23

The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers

CVE-2017-9205 MEDIUM
6.5 May 23

The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers

CVE-2017-9204 MEDIUM
6.5 May 23

The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers

CVE-2017-9203 MEDIUM
6.5 May 23

imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (

CVE-2017-9202 MEDIUM
6.5 May 23

imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (d

CVE-2017-9201 MEDIUM
6.5 May 23

imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (d

Share

CVE-2017-7624 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy