Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-16890

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Jul, 2018 | 11:00
Updated At-05 Aug, 2024 | 20:35
Rejected At-
Credits

SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Jul, 2018 | 11:00
Updated At:05 Aug, 2024 | 20:35
Rejected At:
▼CVE Numbering Authority (CNA)

SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/matthiaskramm/swftools/issues/57
x_refsource_MISC
Hyperlink: https://github.com/matthiaskramm/swftools/issues/57
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/matthiaskramm/swftools/issues/57
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/matthiaskramm/swftools/issues/57
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Jul, 2018 | 11:29
Updated At:06 Sep, 2018 | 15:46

SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.5MEDIUM
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CPE Matches
SWFTools
swftools
>>swftools>>0.9.2
cpe:2.3:a:swftools:swftools:0.9.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-369Primarynvd@nist.gov
CWE ID: CWE-369
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/matthiaskramm/swftools/issues/57cve@mitre.org
Exploit
Third Party Advisory
Hyperlink: https://github.com/matthiaskramm/swftools/issues/57
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

159Records found
CVE-2021-39593
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_FontExtract_DefineFontInfo() located in swftext.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39556
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D1() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-1000182
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, a memory leak was found in wav2swf.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2021-42196
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 16:42
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-42202
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 18:35
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-42200
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:36
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-42198
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-31 May, 2022 | 17:19
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39554
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function Lexer::Lexer() located in Lexer.cc. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39594
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Other An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function updateusage() located in swftext.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39598
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function callcode() located in code.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39555
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function InfoOutputDev::type3D0() located in InfoOutputDev.cc. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39559
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function GString::~GString() located in GString.cc. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39589
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parse_metadata() located in abc.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39590
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function params_dump() located in abc.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39557
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function copyString() located in gmem.cc. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39553
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.29%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function grealloc() located in gmem.cc. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39585
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function traits_dump() located in abc.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39587
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpABC() located in abc.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39575
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function dump_method() located in abc.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39562
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function FileStream::makeSubStream() located in Stream.cc. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39591
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_GetShapeBoundingBox() located in swfshape.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-8401
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 53.55%
||
7 Day CHG~0.00%
Published-01 May, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8420
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 51.45%
||
7 Day CHG~0.00%
Published-05 Jul, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS (Access Violation).

Action-Not Available
Vendor-n/aMicrosoft CorporationSWFTools
Product-swftoolswindowsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-16794
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.20% / 42.18%
||
7 Day CHG~0.00%
Published-12 Nov, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-16711
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.44% / 62.89%
||
7 Day CHG~0.00%
Published-09 Nov, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefinitions in lib/readers/swf.c and fill_line_bitmap in lib/devices/render.c, as demonstrated by swfrender.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-16868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 40.71%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 09:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not properly restrict a multiplication within a malloc call, which allows remote attackers to cause a denial of service (integer overflow and NULL pointer dereference) via a crafted WAV file.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2017-1000187
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.18% / 40.06%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF()

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1000176
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.71%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, a memcpy buffer overflow was found in swfc.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1000186
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.94%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, a stack overflow was found in pdf2swf.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1000185
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 36.71%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, a memcpy buffer overflow was found in gif2swf.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-1000174
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-17 Nov, 2017 | 01:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SWFTools, an address access exception was found in swfdump swf_GetBits().

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2021-39588
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_ReadABC() located in abc.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39563
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function swf_DumpActions() located in swfaction.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39583
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_string2() located in pool.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39592
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function pool_lookup_uint() located in pool.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39584
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.78%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function namespace_set_hash() located in pool.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39597
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_dump2() located in code.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2021-39596
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 35.50%
||
7 Day CHG~0.00%
Published-20 Sep, 2021 | 15:27
Updated-04 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function code_parse() located in code.c. It allows an attacker to cause Denial of Service.

Action-Not Available
Vendor-n/aSWFTools
Product-swftoolsn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2019-11472
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 59.91%
||
7 Day CHG~0.00%
Published-23 Apr, 2019 | 13:55
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first.

Action-Not Available
Vendor-n/aImageMagick Studio LLC
Product-imagemagickn/a
CWE ID-CWE-369
Divide By Zero
CVE-2014-8130
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.08% / 83.66%
||
7 Day CHG~0.00%
Published-12 Mar, 2018 | 02:00
Updated-06 Aug, 2024 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not reject a zero size, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted TIFF image that is mishandled by the TIFFWriteScanline function in tif_write.c, as demonstrated by tiffdither.

Action-Not Available
Vendor-n/aRed Hat, Inc.LibTIFFApple Inc.
Product-enterprise_linux_serveriphone_osenterprise_linux_server_euslibtiffenterprise_linux_server_ausenterprise_linux_workstationmac_os_xenterprise_linux_server_tusenterprise_linux_desktopn/a
CWE ID-CWE-369
Divide By Zero
CVE-2019-10025
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.39%
||
7 Day CHG~0.00%
Published-24 Mar, 2019 | 23:12
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.

Action-Not Available
Vendor-xpdfreadern/a
Product-xpdfn/a
CWE ID-CWE-369
Divide By Zero
CVE-2017-7598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.70% / 71.59%
||
7 Day CHG~0.00%
Published-09 Apr, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.

Action-Not Available
Vendor-n/aLibTIFF
Product-libtiffn/a
CWE ID-CWE-369
Divide By Zero
CVE-2019-7156
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 64.00%
||
7 Day CHG~0.00%
Published-29 Jan, 2019 | 08:00
Updated-04 Aug, 2024 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.

Action-Not Available
Vendor-libdoc_projectn/a
Product-libdocn/a
CWE ID-CWE-369
Divide By Zero
CVE-2020-27773
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.09% / 24.77%
||
7 Day CHG~0.00%
Published-04 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.

Action-Not Available
Vendor-n/aRed Hat, Inc.Debian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickenterprise_linuxImageMagick
CWE ID-CWE-369
Divide By Zero
CVE-2019-16168
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.84% / 74.38%
||
7 Day CHG~0.00%
Published-09 Sep, 2019 | 16:07
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."

Action-Not Available
Vendor-sqliten/aTenable, Inc.Debian GNU/LinuxMcAfee, LLCNetApp, Inc.Fedora ProjectOracle CorporationCanonical Ltd.
Product-ubuntu_linuxsolarispolicy_auditornessus_agentsqliteactive_iq_unified_manageroutside_in_technologyjdkoncommand_workflow_automationsantricity_unified_managersteelstore_cloud_integrated_storagezfs_storage_appliancedebian_linuxontap_select_deploy_administration_utilityjrecommunications_design_studioe-series_santricity_os_controllerfedoramysqloncommand_insightn/a
CWE ID-CWE-369
Divide By Zero
CVE-2020-27763
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.13% / 32.14%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 00:00
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.

Action-Not Available
Vendor-n/aDebian GNU/LinuxImageMagick Studio LLC
Product-debian_linuximagemagickImageMagick
CWE ID-CWE-369
Divide By Zero
CVE-2019-14249
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 64.18%
||
7 Day CHG~0.00%
Published-24 Jul, 2019 | 03:30
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump.

Action-Not Available
Vendor-libdwarf_projectn/a
Product-libdwarfn/a
CWE ID-CWE-369
Divide By Zero
CVE-2019-14443
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.51% / 65.71%
||
7 Day CHG~0.00%
Published-30 Jul, 2019 | 12:05
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.

Action-Not Available
Vendor-libavn/aDebian GNU/Linux
Product-libavdebian_linuxn/a
CWE ID-CWE-369
Divide By Zero
CVE-2019-14494
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.97% / 83.24%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 16:05
Updated-05 Aug, 2024 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc.

Action-Not Available
Vendor-n/aFedora Projectfreedesktop.orgDebian GNU/LinuxRed Hat, Inc.Canonical Ltd.
Product-ubuntu_linuxdebian_linuxfedoraenterprise_linuxpopplern/a
CWE ID-CWE-369
Divide By Zero
CVE-2019-15133
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.22%
||
7 Day CHG~0.00%
Published-17 Aug, 2019 | 00:00
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero.

Action-Not Available
Vendor-giflib_projectn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxgiflibn/a
CWE ID-CWE-369
Divide By Zero
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found