CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-J8QH-3XRQ-C825
Vulnerability from github – Published: 2021-05-21 14:28 – Updated: 2024-11-13 16:07Impact
The implementation of the OneHot TFLite operator is vulnerable to a division by zero error:
int prefix_dim_size = 1;
for (int i = 0; i < op_context.axis; ++i) {
prefix_dim_size *= op_context.indices->dims->data[i];
}
const int suffix_dim_size = NumElements(op_context.indices) / prefix_dim_size;
An attacker can craft a model such that at least one of the dimensions of indices would be 0. In turn, the prefix_dim_size value would become 0.
Patches
We have patched the issue in GitHub commit 3ebedd7e345453d68e279cfc3e4072648e5e12e5.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29600"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-17T22:31:41Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nThe implementation of the `OneHot` TFLite operator is [vulnerable to a division by zero error](https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_hot.cc#L68-L72):\n\n```cc\nint prefix_dim_size = 1;\nfor (int i = 0; i \u003c op_context.axis; ++i) {\n prefix_dim_size *= op_context.indices-\u003edims-\u003edata[i];\n}\nconst int suffix_dim_size = NumElements(op_context.indices) / prefix_dim_size;\n```\n\nAn attacker can craft a model such that at least one of the dimensions of `indices` would be 0. In turn, the `prefix_dim_size` value would become 0.\n\n### Patches\nWe have patched the issue in GitHub commit [3ebedd7e345453d68e279cfc3e4072648e5e12e5](https://github.com/tensorflow/tensorflow/commit/3ebedd7e345453d68e279cfc3e4072648e5e12e5).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-j8qh-3xrq-c825",
"modified": "2024-11-13T16:07:47Z",
"published": "2021-05-21T14:28:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j8qh-3xrq-c825"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29600"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/3ebedd7e345453d68e279cfc3e4072648e5e12e5"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-528.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-726.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-237.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/f61c57bd425878be108ec787f4d96390579fb83e/tensorflow/lite/kernels/one_hot.cc#L68-L72"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by zero in TFLite\u0027s implementation of `OneHot`"
}
GHSA-JGP7-74RH-R6JV
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-08 21:31In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw89: fix potential zero beacon interval in beacon tracking
During fuzz testing, it was discovered that bss_conf->beacon_int might be zero, which could result in a division by zero error in subsequent calculations. Set a default value of 100 TU if the interval is zero to ensure stability.
{
"affected": [],
"aliases": [
"CVE-2026-43267"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:47Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw89: fix potential zero beacon interval in beacon tracking\n\nDuring fuzz testing, it was discovered that bss_conf-\u003ebeacon_int\nmight be zero, which could result in a division by zero error in\nsubsequent calculations. Set a default value of 100 TU if the\ninterval is zero to ensure stability.",
"id": "GHSA-jgp7-74rh-r6jv",
"modified": "2026-05-08T21:31:21Z",
"published": "2026-05-06T12:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43267"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1260bee01493126cf9c872b6ca2af261173baa6d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e00c9a4ec84c0bb067833b34202f457badbbc1c1"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/eb57be32f438c57c88d6ce756101c1dfbcc03bba"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JH5R-M3QC-3584
Vulnerability from github – Published: 2025-10-01 09:30 – Updated: 2026-01-16 21:30In the Linux kernel, the following vulnerability has been resolved:
mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()
Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application".
DAMON's RECLAIM and LRU_SORT modules perform no validation on user-configured parameters during application, which may lead to division-by-zero errors.
Avoid the divide-by-zero by adding validation checks when DAMON modules attempt to apply the parameters.
This patch (of 2):
During the calculation of 'hot_thres' and 'cold_thres', either 'sample_interval' or 'aggr_interval' is used as the divisor, which may lead to division-by-zero errors. Fix it by directly returning -EINVAL when such a case occurs. Additionally, since 'aggr_interval' is already required to be set no smaller than 'sample_interval' in damon_set_attrs(), only the case where 'sample_interval' is zero needs to be checked.
{
"affected": [],
"aliases": [
"CVE-2025-39909"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T08:15:33Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()\n\nPatch series \"mm/damon: avoid divide-by-zero in DAMON module\u0027s parameters\napplication\".\n\nDAMON\u0027s RECLAIM and LRU_SORT modules perform no validation on\nuser-configured parameters during application, which may lead to\ndivision-by-zero errors.\n\nAvoid the divide-by-zero by adding validation checks when DAMON modules\nattempt to apply the parameters.\n\n\nThis patch (of 2):\n\nDuring the calculation of \u0027hot_thres\u0027 and \u0027cold_thres\u0027, either\n\u0027sample_interval\u0027 or \u0027aggr_interval\u0027 is used as the divisor, which may\nlead to division-by-zero errors. Fix it by directly returning -EINVAL\nwhen such a case occurs. Additionally, since \u0027aggr_interval\u0027 is already\nrequired to be set no smaller than \u0027sample_interval\u0027 in damon_set_attrs(),\nonly the case where \u0027sample_interval\u0027 is zero needs to be checked.",
"id": "GHSA-jh5r-m3qc-3584",
"modified": "2026-01-16T21:30:27Z",
"published": "2025-10-01T09:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-39909"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/326a4b3750c71af3f3c52399ec4dbe33b6da4c26"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/711f19dfd783ffb37ca4324388b9c4cb87e71363"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74e391f7da7d9d5235a3cca88ee9fc18f720c75b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7bb675c9f0257840d33e5d1337d7e3afdd74a6bf"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/af0ae62b935317bed1a1361c8c9579db9d300e70"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JHR6-5FQF-6P96
Vulnerability from github – Published: 2023-07-17 21:31 – Updated: 2024-04-04 06:11stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.
{
"affected": [],
"aliases": [
"CVE-2023-37769"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-17T20:15:13Z",
"severity": "MODERATE"
},
"details": "stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.",
"id": "GHSA-jhr6-5fqf-6p96",
"modified": "2024-04-04T06:11:35Z",
"published": "2023-07-17T21:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37769"
},
{
"type": "WEB",
"url": "https://gitlab.freedesktop.org/pixman/pixman/-/issues/76"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JM68-FPMR-8J2G
Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-11-22 18:18FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "PaddlePaddle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-38675"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-03T21:52:39Z",
"nvd_published_at": "2024-01-03T09:15:08Z",
"severity": "MODERATE"
},
"details": "FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n",
"id": "GHSA-jm68-fpmr-8j2g",
"modified": "2024-11-22T18:18:26Z",
"published": "2024-01-03T09:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38675"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/commit/690ffe814dbfc5054d4e92df878687fd638fe3a5"
},
{
"type": "PACKAGE",
"url": "https://github.com/PaddlePaddle/Paddle"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-130.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "PaddlePaddle floating point exception in paddle.linalg.matrix_rank"
}
GHSA-JM6V-6QC3-X6HH
Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2025-04-20 03:34The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.
{
"affected": [],
"aliases": [
"CVE-2017-6833"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-20T16:59:00Z",
"severity": "MODERATE"
},
"details": "The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file.",
"id": "GHSA-jm6v-6qc3-x6hh",
"modified": "2025-04-20T03:34:32Z",
"published": "2022-05-17T00:26:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6833"
},
{
"type": "WEB",
"url": "https://github.com/mpruett/audiofile/issues/37"
},
{
"type": "WEB",
"url": "https://github.com/mpruett/audiofile/pull/42"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3814"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2017/03/13/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JP84-4RQR-29C5
Vulnerability from github – Published: 2026-07-04 15:30 – Updated: 2026-07-04 15:30A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
{
"affected": [],
"aliases": [
"CVE-2026-14629"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-04T14:16:29Z",
"severity": "LOW"
},
"details": "A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.",
"id": "GHSA-jp84-4rqr-29c5",
"modified": "2026-07-04T15:30:23Z",
"published": "2026-07-04T15:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-14629"
},
{
"type": "WEB",
"url": "https://github.com/RT-Thread/rt-thread/issues/11429"
},
{
"type": "WEB",
"url": "https://github.com/RT-Thread/rt-thread/pull/11453"
},
{
"type": "WEB",
"url": "https://github.com/RT-Thread/rt-thread"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-14629"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/845610"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/376145"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/376145/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-JQHH-G8Q4-PP8J
Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2022-05-14 00:57An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
{
"affected": [],
"aliases": [
"CVE-2019-10019"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-25T00:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.",
"id": "GHSA-jqhh-g8q4-pp8j",
"modified": "2022-05-14T00:57:26Z",
"published": "2022-05-14T00:57:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10019"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41275"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4042-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JRGP-6Q23-4HG8
Vulnerability from github – Published: 2022-05-14 03:55 – Updated: 2025-04-20 03:32The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.
{
"affected": [],
"aliases": [
"CVE-2016-8691"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-02-15T19:59:00Z",
"severity": "MODERATE"
},
"details": "The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer before 1.900.4 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted XRsiz value in a BMP image to the imginfo command.",
"id": "GHSA-jrgp-6q23-4hg8",
"modified": "2025-04-20T03:32:56Z",
"published": "2022-05-14T03:55:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8691"
},
{
"type": "WEB",
"url": "https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1385502"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THLEZURI4D24PRM7SMASC5I25IAWXXTM"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3785"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/08/23/6"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/10/16/14"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93593"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-JX23-R23X-QC23
Vulnerability from github – Published: 2022-08-26 00:03 – Updated: 2022-08-28 00:00An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.
{
"affected": [],
"aliases": [
"CVE-2020-27802"
],
"database_specific": {
"cwe_ids": [
"CWE-119",
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-25T20:15:00Z",
"severity": "MODERATE"
},
"details": "An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.",
"id": "GHSA-jx23-r23x-qc23",
"modified": "2022-08-28T00:00:28Z",
"published": "2022-08-26T00:03:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27802"
},
{
"type": "WEB",
"url": "https://github.com/upx/upx/issues/393"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.