CVE-2017-9206

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-9206
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9206.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-9206
Published
2017-05-23T04:29:04Z
Modified
2025-10-21T04:22:57.595149Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

The iwgetui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.

References

Affected packages

Git / github.com/jsummers/imageworsener

Affected ranges

Type
GIT
Repo
https://github.com/jsummers/imageworsener
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.9.0
0.9.1
0.9.10
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.8
0.9.9

1.*

1.0.0
1.1.0
1.2.0
1.3.0
1.3.1

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
        "id": "CVE-2017-9206-2fb7bc0d",
        "digest": {
            "function_hash": "189543805727686735004239999632055257490",
            "length": 912.0
        },
        "target": {
            "function": "iwjpeg_scan_exif_ifd",
            "file": "src/imagew-jpeg.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
        "id": "CVE-2017-9206-63511cf9",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "target": {
            "file": "src/imagew-jpeg.c"
        },
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
        "id": "CVE-2017-9206-6b4d7506",
        "digest": {
            "function_hash": "92816308606384892745323279276534051820",
            "length": 369.0
        },
        "target": {
            "function": "iwjpeg_scan_exif",
            "file": "src/imagew-jpeg.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
        "id": "CVE-2017-9206-7b7c3fc0",
        "digest": {
            "function_hash": "102884252120242781080926159619191360597",
            "length": 665.0
        },
        "target": {
            "function": "get_exif_tag_dbl_value",
            "file": "src/imagew-jpeg.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "deprecated": false,
        "source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
        "id": "CVE-2017-9206-c1604b40",
        "digest": {
            "function_hash": "131095719114595547989694215081384224287",
            "length": 510.0
        },
        "target": {
            "function": "get_exif_tag_int_value",
            "file": "src/imagew-jpeg.c"
        },
        "signature_type": "Function",
        "signature_version": "v1"
    }
]