CVE-2017-8326
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-8326
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8326.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-8326
- Published
- 2017-04-29T20:59:00.227Z
- Modified
- 2025-11-14T05:19:29.099843Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c.
- References
Affected packages
Git / github.com/jsummers/imageworsener
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jsummers/imageworsener
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.9.0
0.9.1
0.9.10
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.8
0.9.9
1.*
1.0.0
1.1.0
1.2.0
1.3.0
Database specific
vanir_signatures
[
{
"target": {
"function": "iw_get_i32le",
"file": "src/imagew-util.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-072ca17f",
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"length": 152.0,
"function_hash": "153372018570267176720890529744128300097"
}
},
{
"target": {
"file": "src/imagew-util.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-0c466ce2",
"signature_type": "Line",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"line_hashes": [
"211382068140858635723264930750222297643",
"74623404602380721082143941854266220485",
"311665602779919187967258793404899372785",
"107206791284567583672606954918344664305",
"257088163195196898418942225686201045500",
"5109589055673950353967322898565120969",
"90651403275263285140180861583988033656",
"112049071427257956028442059925739204302",
"290451180991792682115331820657291101986",
"217811011610079710549319264971119365773",
"332436195793507979418980662507776890796",
"189392913528077876008082108845946831285",
"60889062634335314999862160755453629227",
"249606105439490279252307014343075543658",
"262552228280410179634515138638278587596",
"47820839450512965121815608704523019066",
"288977080672119849944910846144152511069",
"152175791863095905972825302846173811676",
"128084072967889174587290167248752031330",
"82129459142966836391477747624971729466"
],
"threshold": 0.9
}
},
{
"target": {
"function": "find_high_bit",
"file": "src/imagew-bmp.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-4c4d3e32",
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"length": 155.0,
"function_hash": "82411948936977240340731491396693431493"
}
},
{
"target": {
"file": "src/imagew-bmp.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-4e12e121",
"signature_type": "Line",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"line_hashes": [
"181748851845494149714177540211708913307",
"152741653319941007267633924695148100121",
"281335134186923838523040868135516544560",
"83592238665777084632954458967868577262",
"28062393793742210753734453004665313917",
"227228387043197736947039363170807686316",
"265797870266167928102076777201215611134",
"83592238665777084632954458967868577262"
],
"threshold": 0.9
}
},
{
"target": {
"function": "iw_get_ui16be",
"file": "src/imagew-util.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-5647e745",
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"length": 80.0,
"function_hash": "45000162424615787546709958022296803818"
}
},
{
"target": {
"function": "find_low_bit",
"file": "src/imagew-bmp.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-a52c4950",
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"length": 155.0,
"function_hash": "281648448375319185489296056759610539119"
}
},
{
"target": {
"function": "iw_get_ui32le",
"file": "src/imagew-util.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-d29f7ff4",
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"length": 128.0,
"function_hash": "305678844318308512696710881984128495566"
}
},
{
"target": {
"function": "iw_get_ui16le",
"file": "src/imagew-util.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-d474d85f",
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"length": 80.0,
"function_hash": "329948397021442492951336051598251890330"
}
},
{
"target": {
"function": "iw_get_ui32be",
"file": "src/imagew-util.c"
},
"signature_version": "v1",
"id": "CVE-2017-8326-f8a40477",
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738",
"deprecated": false,
"digest": {
"length": 128.0,
"function_hash": "148367599404440915797820707063652592366"
}
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-8326.json"