Common Weakness Enumeration

CWE-369

Allowed

Divide By Zero

Abstraction: Base · Status: Draft

The product divides a value by zero.

577 vulnerabilities reference this CWE, most recent first.

GHSA-J8QH-3XRQ-C825

Vulnerability from github – Published: 2021-05-21 14:28 – Updated: 2024-11-13 16:07
VLAI
Summary
Division by zero in TFLite's implementation of `OneHot`
Details

Impact

The implementation of the OneHot TFLite operator is vulnerable to a division by zero error:

int prefix_dim_size = 1;
for (int i = 0; i < op_context.axis; ++i) {
  prefix_dim_size *= op_context.indices->dims->data[i];
}
const int suffix_dim_size = NumElements(op_context.indices) / prefix_dim_size;

An attacker can craft a model such that at least one of the dimensions of indices would be 0. In turn, the prefix_dim_size value would become 0.

Patches

We have patched the issue in GitHub commit 3ebedd7e345453d68e279cfc3e4072648e5e12e5.

The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.4.0"
            },
            {
              "fixed": "2.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-29600"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-17T22:31:41Z",
    "nvd_published_at": "2021-05-14T20:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThe implementation of the `OneHot` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_hot.cc#L68-L72):\n\n```cc\nint prefix_dim_size = 1;\nfor (int i = 0; i \u003c op_context.axis; ++i) {\n  prefix_dim_size *= op_context.indices-\u003edims-\u003edata[i];\n}\nconst int suffix_dim_size = NumElements(op_context.indices) / prefix_dim_size;\n```\n\nAn attacker can craft a model such that at least one of the dimensions of `indices` would be 0. In turn, the `prefix_dim_size` value would become 0.\n\n### Patches\nWe have patched the issue in GitHub commit [3ebedd7e345453d68e279cfc3e4072648e5e12e5](https://github.com/tensorflow/tensorflow/commit/3ebedd7e345453d68e279cfc3e4072648e5e12e5).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-j8qh-3xrq-c825",
  "modified": "2024-11-13T16:07:47Z",
  "published": "2021-05-21T14:28:04Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8qh-3xrq-c825"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29600"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/3ebedd7e345453d68e279cfc3e4072648e5e12e5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-528.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-726.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-237.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_hot.cc#L68-L72"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Division by zero in TFLite\u0027s implementation of `OneHot`"
}

GHSA-JGP7-74RH-R6JV

Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 21:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

wifi: rtw89: fix potential zero beacon interval in beacon tracking

During fuzz testing, it was discovered that bss_conf->beacon_int might be zero, which could result in a division by zero error in subsequent calculations. Set a default value of 100 TU if the interval is zero to ensure stability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-43267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-06T12:16:47Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix potential zero beacon interval in beacon tracking\n\nDuring fuzz testing, it was discovered that bss_conf-\u003ebeacon_int\nmight be zero, which could result in a division by zero error in\nsubsequent calculations. Set a default value of 100 TU if the\ninterval is zero to ensure stability.",
  "id": "GHSA-jgp7-74rh-r6jv",
  "modified": "2026-05-08T21:31:21Z",
  "published": "2026-05-06T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43267"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1260bee01493126cf9c872b6ca2af261173baa6d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/e00c9a4ec84c0bb067833b34202f457badbbc1c1"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/eb57be32f438c57c88d6ce756101c1dfbcc03bba"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JH5R-M3QC-3584

Vulnerability from github – Published: 2025-10-01 09:30 – Updated: 2026-01-16 21:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()

Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application".

DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which may lead to division-by-zero errors.

Avoid the divide-by-zero by adding validation checks when DAMON modules attempt to apply the parameters.

This patch (of 2):

During the calculation of 'hot_thres' and 'cold_thres', either 'sample_interval' or 'aggr_interval' is used as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Additionally, since 'aggr_interval' is already required to be set no smaller than 'sample_interval' in damon_set_attrs(), only the case where 'sample_interval' is zero needs to be checked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-39909"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-01T08:15:33Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()\n\nPatch series \"mm/damon: avoid divide-by-zero in DAMON module\u0027s parameters\napplication\".\n\nDAMON\u0027s RECLAIM and LRU_SORT modules perform no validation on\nuser-configured parameters during application, which may lead to\ndivision-by-zero errors.\n\nAvoid the divide-by-zero by adding validation checks when DAMON modules\nattempt to apply the parameters.\n\n\nThis patch (of 2):\n\nDuring the calculation of \u0027hot_thres\u0027 and \u0027cold_thres\u0027, either\n\u0027sample_interval\u0027 or \u0027aggr_interval\u0027 is used as the divisor, which may\nlead to division-by-zero errors.  Fix it by directly returning -EINVAL\nwhen such a case occurs.  Additionally, since \u0027aggr_interval\u0027 is already\nrequired to be set no smaller than \u0027sample_interval\u0027 in damon_set_attrs(),\nonly the case where \u0027sample_interval\u0027 is zero needs to be checked.",
  "id": "GHSA-jh5r-m3qc-3584",
  "modified": "2026-01-16T21:30:27Z",
  "published": "2025-10-01T09:30:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39909"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/326a4b3750c71af3f3c52399ec4dbe33b6da4c26"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/711f19dfd783ffb37ca4324388b9c4cb87e71363"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/74e391f7da7d9d5235a3cca88ee9fc18f720c75b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7bb675c9f0257840d33e5d1337d7e3afdd74a6bf"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/af0ae62b935317bed1a1361c8c9579db9d300e70"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JHR6-5FQF-6P96

Vulnerability from github – Published: 2023-07-17 21:31 – Updated: 2024-04-04 06:11
VLAI
Details

stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37769"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-07-17T20:15:13Z",
    "severity": "MODERATE"
  },
  "details": "stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.",
  "id": "GHSA-jhr6-5fqf-6p96",
  "modified": "2024-04-04T06:11:35Z",
  "published": "2023-07-17T21:31:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37769"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.freedesktop.org/pixman/pixman/-/issues/76"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JM68-FPMR-8J2G

Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-11-22 18:18
VLAI
Summary
PaddlePaddle floating point exception in paddle.linalg.matrix_rank
Details

FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "PaddlePaddle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-38675"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-03T21:52:39Z",
    "nvd_published_at": "2024-01-03T09:15:08Z",
    "severity": "MODERATE"
  },
  "details": "FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n",
  "id": "GHSA-jm68-fpmr-8j2g",
  "modified": "2024-11-22T18:18:26Z",
  "published": "2024-01-03T09:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38675"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/PaddlePaddle/Paddle"
    },
    {
      "type": "WEB",
      "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PaddlePaddle floating point exception in paddle.linalg.matrix_rank"
}

GHSA-JM6V-6QC3-X6HH

Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2025-04-20 03:34
VLAI
Details

The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-6833"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-20T16:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.",
  "id": "GHSA-jm6v-6qc3-x6hh",
  "modified": "2025-04-20T03:34:32Z",
  "published": "2022-05-17T00:26:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6833"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mpruett/audiofile/issues/37"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mpruett/audiofile/pull/42"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3814"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2017/03/13/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JP84-4RQR-29C5

Vulnerability from github – Published: 2026-07-04 15:30 – Updated: 2026-07-04 15:30
VLAI
Details

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-14629"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-04T14:16:29Z",
    "severity": "LOW"
  },
  "details": "A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.",
  "id": "GHSA-jp84-4rqr-29c5",
  "modified": "2026-07-04T15:30:23Z",
  "published": "2026-07-04T15:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14629"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RT-Thread/rt-thread/issues/11429"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RT-Thread/rt-thread/pull/11453"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RT-Thread/rt-thread"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/cve/CVE-2026-14629"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/845610"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/376145"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/376145/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JQHH-G8Q4-PP8J

Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2022-05-14 00:57
VLAI
Details

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-10019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-25T00:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.",
  "id": "GHSA-jqhh-g8q4-pp8j",
  "modified": "2022-05-14T00:57:26Z",
  "published": "2022-05-14T00:57:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10019"
    },
    {
      "type": "WEB",
      "url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41275"
    },
    {
      "type": "WEB",
      "url": "https://usn.ubuntu.com/4042-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JRGP-6Q23-4HG8

Vulnerability from github – Published: 2022-05-14 03:55 – Updated: 2025-04-20 03:32
VLAI
Details

The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-8691"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-15T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.",
  "id": "GHSA-jrgp-6q23-4hg8",
  "modified": "2025-04-20T03:32:56Z",
  "published": "2022-05-14T03:55:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8691"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:1208"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385502"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-3785"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/08/23/6"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/10/16/14"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/93593"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JX23-R23X-QC23

Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-08-28 00:00
VLAI
Details

An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-27802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-369"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-25T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.",
  "id": "GHSA-jx23-r23x-qc23",
  "modified": "2022-08-28T00:00:28Z",
  "published": "2022-08-26T00:03:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27802"
    },
    {
      "type": "WEB",
      "url": "https://github.com/upx/upx/issues/393"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.