exploitDog

CVE-2021-28856

Опубликовано: 14 апр. 2021

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Низкий

Описание

In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.

Ссылки

https://fatihhcelik.github.io/posts/Division-By-Zero-Deark/
Patch
Third Party Advisory
https://github.com/fuzzing2026/CVE-PoCs/tree/main/deark-CVE-2021-28856
https://github.com/jsummers/deark/commit/62acb7753b0e3c0d3ab3c15057b0a65222313334
Patch
Third Party Advisory
https://fatihhcelik.github.io/posts/Division-By-Zero-Deark/
Patch
Third Party Advisory
https://github.com/jsummers/deark/commit/62acb7753b0e3c0d3ab3c15057b0a65222313334
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:entropymine:deark:*:*:*:*:*:*:*:*

Версия до 1.5.8 (исключая)

EPSS

Процентиль: 42%

0.00198

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369

Связанные уязвимости

GHSA-f68w-mw2g-j2g2

CVSS3: 5.5

github

больше 3 лет назад

In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.

EPSS

Процентиль: 42%

0.00198

Низкий

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-369