Vulnerability Description
The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Entropymine | Imageworsener | < 1.3.1 |
Related Weaknesses (CWE)
References
- https://blogs.gentoo.org/ago/2017/04/27/imageworsener-heap-based-buffer-overflow (Patch, Third Party Advisory, VDB Entry)
- https://github.com/jsummers/imageworsener/commit/86564051db45b466e5f667111ce00b5 (Issue Tracking, Patch, Third Party Advisory)
- https://security.gentoo.org/glsa/201706-06 (Third Party Advisory)
FAQ
What is CVE-2017-8325?
CVE-2017-8325 is a vulnerability with a CVSS score of 8.8 (HIGH). The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and a...
How severe is CVE-2017-8325?
CVE-2017-8325 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-8325?
Check the references section above for vendor advisories and patch information. Affected products include: Entropymine Imageworsener.