CVE-2017-9207
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-9207
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-9207.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-9207
- Published
- 2017-05-23T04:29:04Z
- Modified
- 2025-09-19T09:10:49.432973Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The iwgetui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
- References
Affected packages
Git / github.com/jsummers/imageworsener
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jsummers/imageworsener
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.9.0
0.9.1
0.9.10
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.8
0.9.9
1.*
1.0.0
1.1.0
1.2.0
1.3.0
1.3.1
Database specific
{
"vanir_signatures": [
{
"digest": {
"function_hash": "189543805727686735004239999632055257490",
"length": 912.0
},
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
"target": {
"file": "src/imagew-jpeg.c",
"function": "iwjpeg_scan_exif_ifd"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2017-9207-2fb7bc0d"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"231300748759818284572325872434159436029",
"226175450860525757779219916364051760414",
"91153269694969210530224734252833994583",
"49243017465166593327793879307707183223",
"296857793544256294142748696335854382298",
"171266172158948150107999830146592426111",
"43938948650739357532391427045333006793",
"203923397525115215041168222842222080867",
"323833074291161316519123328201216519466",
"31812105361227687258585745138192128848",
"291973743221944831683559998392691347313",
"253300396543670967600888005270192931369",
"237061372942045664785298193388847743296",
"258110848929861067744466146564241412749",
"63265811084733727446616558781483360664",
"36720230997305855295828544864425758277",
"313759727473586201900013473242506341628",
"74612022230049358943370264316009344382",
"88424805846917211345932220489386190161",
"300122041215508441111502776222475448210",
"2535314221248833476377543388243801949",
"310929460626106324500083087964831861481",
"177074718092710794398936458828359210267",
"61106757982923237106503820466804813200",
"331953995551661443101130030723151794325",
"182201557618690315899268849329881616582",
"241617664636091048771393755827531143248",
"86680155130273121684120836636374626123",
"257365050955589147749223116132440364439",
"266689625931267424291875201197666104440",
"59769448256500668962173062886230444827",
"263169688927278563196808220042406703586",
"43806283704345761708955443232548315823",
"150121237868648580059808525004041226306",
"34318421377181552269693102730545939355",
"105773099354199557106913784020969511509",
"49880482028084808827871803785000521176",
"225844974470859662102783442682607225253",
"214176252870881304793183620522928460758",
"114091110698356175087885538596340639549"
]
},
"signature_type": "Line",
"source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
"target": {
"file": "src/imagew-jpeg.c"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2017-9207-63511cf9"
},
{
"digest": {
"function_hash": "92816308606384892745323279276534051820",
"length": 369.0
},
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
"target": {
"file": "src/imagew-jpeg.c",
"function": "iwjpeg_scan_exif"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2017-9207-6b4d7506"
},
{
"digest": {
"function_hash": "102884252120242781080926159619191360597",
"length": 665.0
},
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
"target": {
"file": "src/imagew-jpeg.c",
"function": "get_exif_tag_dbl_value"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2017-9207-7b7c3fc0"
},
{
"digest": {
"function_hash": "131095719114595547989694215081384224287",
"length": 510.0
},
"signature_type": "Function",
"source": "https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d",
"target": {
"file": "src/imagew-jpeg.c",
"function": "get_exif_tag_int_value"
},
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2017-9207-c1604b40"
}
]
}