Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

579 vulnerabilities reference this CWE, most recent first.

GHSA-6H77-2HC9-QM3W

Vulnerability from github – Published: 2023-08-08 18:30 – Updated: 2024-06-10 18:30
VLAI
Details

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20588"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T18:15:11Z",
    "severity": "MODERATE"
  },
  "details": "\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality.\u00a0\n\n\n\n\n\n\n\n",
  "id": "GHSA-6h77-2hc9-qm3w",
  "modified": "2024-06-10T18:30:49Z",
  "published": "2023-08-08T18:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20588"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AGZCACEHT6ZZZGG36QQMGROBM4FLWYJX"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOYP4ZOBML4RCUM3MHRFZUQL445MZM3"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJTUVYZMP6BNF342DS3W7XGOGXC6JPN5"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240531-0005"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7007"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5480"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2023/dsa-5492"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/25/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/25/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/25/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/25/7"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/25/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/26/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/26/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/26/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/09/27/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/12"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/13"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/14"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/15"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/16"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/03/9"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/04/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/04/2"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/04/3"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/10/04/4"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-439.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6HPV-V2RX-C5G6

Vulnerability from github – Published: 2021-11-10 19:02 – Updated: 2024-11-07 22:19
VLAI
Summary
FPE in convolutions with zero size filters
Details

Impact

The implementations for convolution operators trigger a division by 0 if passed empty filter tensor arguments.

Patches

We have patched the issue in GitHub commit f2c3931113eaafe9ef558faaddd48e00a6606235.

The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.6.0"
            },
            {
              "fixed": "2.6.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.5.0"
            },
            {
              "fixed": "2.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.4.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-11-08T22:36:05Z",
    "nvd_published_at": "2021-11-05T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nThe [implementations for convolution operators](https://github.com/tensorflow/tensorflow/blob/8d72537c6abf5a44103b57b9c2e22c14f5f49698/tensorflow/core/kernels/conv_ops.cc) trigger a division by 0 if passed empty filter tensor arguments.\n\n### Patches\nWe have patched the issue in GitHub commit [f2c3931113eaafe9ef558faaddd48e00a6606235](https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235).\n  \nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-6hpv-v2rx-c5g6",
  "modified": "2024-11-07T22:19:55Z",
  "published": "2021-11-10T19:02:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hpv-v2rx-c5g6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41209"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/f2c3931113eaafe9ef558faaddd48e00a6606235"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-618.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-816.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-401.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "FPE in convolutions with zero size filters"
}

GHSA-6JJ7-2576-P556

Vulnerability from github – Published: 2026-01-28 21:31 – Updated: 2026-01-29 21:30
VLAI
Details

A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-71005"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-01-28T21:16:09Z",
    "severity": "MODERATE"
  },
  "details": "A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.",
  "id": "GHSA-6jj7-2576-p556",
  "modified": "2026-01-29T21:30:30Z",
  "published": "2026-01-28T21:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71005"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Oneflow-Inc/oneflow/issues/10654"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Daisy2ang"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6JJ7-XF98-RXHG

Vulnerability from github – Published: 2026-06-01 00:30 – Updated: 2026-06-01 00:30
VLAI
Details

A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The project tagged the reported issue as bug.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-10201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T00:16:41Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was determined in Assimp up to 6.0.4. This vulnerability affects the function FBXExporter::WriteObjects of the file FBXExporter.cpp of the component UV Channel Handler. Executing a manipulation can lead to divide by zero. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. Applying a patch is advised to resolve this issue. The project tagged the reported issue as bug.",
  "id": "GHSA-6jj7-xf98-rxhg",
  "modified": "2026-06-01T00:30:22Z",
  "published": "2026-06-01T00:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10201"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/issues/6613"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp"
    },
    {
      "type": "WEB",
      "url": "https://github.com/user-attachments/files/27153727/poc.zip"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-10201"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/821182"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/367481"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/367481/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6Q3P-M444-94QP

Vulnerability from github – Published: 2025-03-21 15:31 – Updated: 2025-03-21 15:31
VLAI
Details

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2591"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-21T14:15:16Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.",
  "id": "GHSA-6q3p-m444-94qp",
  "modified": "2025-03-21T15:31:15Z",
  "published": "2025-03-21T15:31:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2591"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/issues/6009"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/issues/6009#issue-2877367021"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/pull/6047"
    },
    {
      "type": "WEB",
      "url": "https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.300574"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.300574"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.517781"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6Q5H-Q7W3-MF7C

Vulnerability from github – Published: 2022-05-04 00:28 – Updated: 2025-04-11 03:57
VLAI
Details

The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-0207"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-17T11:00:00Z",
    "severity": "HIGH"
  },
  "details": "The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.",
  "id": "GHSA-6q5h-q7w3-mf7c",
  "modified": "2025-04-11T03:57:43Z",
  "published": "2022-05-04T00:28:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0207"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/25c413ad0029ea86008234be28aee33456e53e5b"
    },
    {
      "type": "WEB",
      "url": "https://github.com/torvalds/linux/commit/a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=772867"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "type": "WEB",
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a8c1f65c79cbbb2f7da782d4c9d15639a9b94b27"
    },
    {
      "type": "WEB",
      "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/01/10/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6V2F-3V36-M3VQ

Vulnerability from github – Published: 2022-05-14 01:30 – Updated: 2022-05-14 01:30
VLAI
Details

In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7156"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-29T08:29:00Z",
    "severity": "MODERATE"
  },
  "details": "In libdoc through 2019-01-28, calcFileBlockOffset in ole.c allows division by zero.",
  "id": "GHSA-6v2f-3v36-m3vq",
  "modified": "2022-05-14T01:30:36Z",
  "published": "2022-05-14T01:30:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7156"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uvoteam/libdoc/issues/5"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106813"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6V49-9GJ6-JWWC

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2025-04-20 03:49
VLAI
Details

The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-17381"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-07T02:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings.",
  "id": "GHSA-6v49-9gj6-jwwc",
  "modified": "2025-04-20T03:49:36Z",
  "published": "2022-05-13T01:13:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17381"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/3575-1"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/12/05/2"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102059"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6W33-G59H-852H

Vulnerability from github – Published: 2023-06-03 00:30 – Updated: 2024-04-04 04:31
VLAI
Details

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.

This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3044"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-02T23:15:09Z",
    "severity": "LOW"
  },
  "details": "An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf\u0027s text extraction code.\n\n\n\n\nThis is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.\n\n\n",
  "id": "GHSA-6w33-g59h-852h",
  "modified": "2024-04-04T04:31:06Z",
  "published": "2023-06-03T00:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3044"
    },
    {
      "type": "WEB",
      "url": "https://github.com/baker221/poc-xpdf"
    },
    {
      "type": "WEB",
      "url": "https://www.xpdfreader.com/security-bug/CVE-2023-3044.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6XX8-4XH5-JH9W

Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2022-05-24 19:08
VLAI
Details

A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-15T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A Divide-by-zero vulnerability exists in JasPer Image Coding Toolkit 2.0 in jasper/src/libjasper/jpc/jpc_enc.c",
  "id": "GHSA-6xx8-4xh5-jh9w",
  "modified": "2022-05-24T19:08:11Z",
  "published": "2022-05-24T19:08:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27845"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jasper-software/jasper/issues/194"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.