CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-PWG2-P5WP-G395
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
{
"affected": [],
"aliases": [
"CVE-2020-27661"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-02T16:15:00Z",
"severity": "MODERATE"
},
"details": "A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-dwc2.c in the hcd-dwc2 USB host controller emulation of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.",
"id": "GHSA-pwg2-p5wp-g395",
"modified": "2022-05-24T19:03:51Z",
"published": "2022-05-24T19:03:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27661"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890653"
},
{
"type": "WEB",
"url": "https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03"
},
{
"type": "WEB",
"url": "https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210720-0010"
},
{
"type": "WEB",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1770368.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q29R-3C7H-XRH3
Vulnerability from github – Published: 2022-03-12 00:00 – Updated: 2022-03-19 00:01Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
{
"affected": [],
"aliases": [
"CVE-2022-0909"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-11T18:15:00Z",
"severity": "MODERATE"
},
"details": "Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.",
"id": "GHSA-q29r-3c7h-xrh3",
"modified": "2022-03-19T00:01:14Z",
"published": "2022-03-12T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0909"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0909.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/393"
},
{
"type": "WEB",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/310"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNT2GFNRLOMKJ5KXM6JIHKBNBFDVZPD3"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZQ4E654ZYUUUQNBKYQFXNK2CV3CPWTM2"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-10"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220506-0002"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5108"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q4RW-J2J6-J8C5
Vulnerability from github – Published: 2022-05-14 01:57 – Updated: 2022-05-14 01:57A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2018-17233"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-20T06:29:00Z",
"severity": "MODERATE"
},
"details": "A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.",
"id": "GHSA-q4rw-j2j6-j8c5",
"modified": "2022-05-14T01:57:28Z",
"published": "2022-05-14T01:57:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17233"
},
{
"type": "WEB",
"url": "https://github.com/SegfaultMasters/covering360/tree/master/HDF5/vuln2#divided-by-zero---h5d__create_chunk_file_map_hyper_div_zero"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00009.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q5JV-M6QW-5G37
Vulnerability from github – Published: 2022-09-16 22:11 – Updated: 2022-09-19 19:10Impact
If Conv2D is given empty input and the filter and padding sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack.
import tensorflow as tf
import numpy as np
with tf.device("CPU"): # also can be triggerred on GPU
input = np.ones([1, 0, 2, 1])
filter = np.ones([1, 1, 1, 1])
strides = ([1, 1, 1, 1])
padding = "EXPLICIT"
explicit_paddings = [0 , 0, 1, 1, 1, 1, 0, 0]
data_format = "NHWC"
res = tf.raw_ops.Conv2D(
input=input,
filter=filter,
strides=strides,
padding=padding,
explicit_paddings=explicit_paddings,
data_format=data_format,
)
Patches
We have patched the issue in GitHub commit 611d80db29dd7b0cfb755772c69d60ae5bca05f9.
The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Jingyi Shi.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.8.0"
},
{
"fixed": "2.8.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.9.0"
},
{
"fixed": "2.9.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-35996"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-16T22:11:10Z",
"nvd_published_at": "2022-09-16T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nIf `Conv2D` is given empty `input` and the `filter` and `padding` sizes are valid, the output is all-zeros. This causes division-by-zero floating point exceptions that can be used to trigger a denial of service attack.\n```python\nimport tensorflow as tf\nimport numpy as np\nwith tf.device(\"CPU\"): # also can be triggerred on GPU\n input = np.ones([1, 0, 2, 1])\n filter = np.ones([1, 1, 1, 1])\n strides = ([1, 1, 1, 1])\n padding = \"EXPLICIT\"\n explicit_paddings = [0 , 0, 1, 1, 1, 1, 0, 0]\n data_format = \"NHWC\"\n res = tf.raw_ops.Conv2D(\n input=input,\n filter=filter,\n strides=strides,\n padding=padding,\n explicit_paddings=explicit_paddings,\n data_format=data_format,\n )\n```\n\n### Patches\nWe have patched the issue in GitHub commit [611d80db29dd7b0cfb755772c69d60ae5bca05f9](https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9).\n\nThe fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range.\n\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n\n### Attribution\nThis vulnerability has been reported by Jingyi Shi.\n",
"id": "GHSA-q5jv-m6qw-5g37",
"modified": "2022-09-19T19:10:43Z",
"published": "2022-09-16T22:11:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q5jv-m6qw-5g37"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35996"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/611d80db29dd7b0cfb755772c69d60ae5bca05f9"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "TensorFlow vulnerable to floating point exception in `Conv2D`"
}
GHSA-Q5P2-HFGH-RCQR
Vulnerability from github – Published: 2022-05-13 01:54 – Updated: 2025-04-20 03:38imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
{
"affected": [],
"aliases": [
"CVE-2017-9202"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-23T04:29:00Z",
"severity": "MODERATE"
},
"details": "imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.",
"id": "GHSA-q5p2-hfgh-rcqr",
"modified": "2025-04-20T03:38:10Z",
"published": "2022-05-13T01:54:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9202"
},
{
"type": "WEB",
"url": "https://github.com/jsummers/imageworsener/commit/dc49c807926b96e503bd7c0dec35119eecd6c6fe"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q76V-8F8C-4C2J
Vulnerability from github – Published: 2023-09-11 06:30 – Updated: 2023-11-04 06:34QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
{
"affected": [],
"aliases": [
"CVE-2023-42467"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-11T04:15:10Z",
"severity": "MODERATE"
},
"details": "QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s-\u003eqdev.blocksize from being 256. This stops QEMU and the guest immediately.",
"id": "GHSA-q76v-8f8c-4c2j",
"modified": "2023-11-04T06:34:05Z",
"published": "2023-09-11T06:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42467"
},
{
"type": "WEB",
"url": "https://gitlab.com/qemu-project/qemu/-/commit/7cfcc79b0ab800959716738aff9419f53fc68c9c"
},
{
"type": "WEB",
"url": "https://gitlab.com/qemu-project/qemu/-/issues/1813"
},
{
"type": "WEB",
"url": "https://gitlab.com/thuth/qemu/-/commit/3f91104484e5bf55b56d7e1b039a4a5a17d0c1a7"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20231103-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q7F7-544H-67H9
Vulnerability from github – Published: 2021-08-25 14:40 – Updated: 2024-11-13 21:17Impact
The implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0.
Patches
We have patched the issue in GitHub commit dfa22b348b70bb89d6d6ec0ff53973bacb4f4695.
The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by members of the Aivul Team from Qihoo 360.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.5.0"
]
}
],
"aliases": [
"CVE-2021-37684"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-24T17:13:21Z",
"nvd_published_at": "2021-08-12T23:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nThe implementations of pooling in TFLite are vulnerable to division by 0 errors as there are no checks for divisors not being 0.\n\n### Patches \nWe have patched the issue in GitHub commit [dfa22b348b70bb89d6d6ec0ff53973bacb4f4695](https://github.com/tensorflow/tensorflow/commit/dfa22b348b70bb89d6d6ec0ff53973bacb4f4695).\n\nThe fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
"id": "GHSA-q7f7-544h-67h9",
"modified": "2024-11-13T21:17:06Z",
"published": "2021-08-25T14:40:13Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q7f7-544h-67h9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37684"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-597.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-795.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-306.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "FPE in TFLite pooling operations"
}
GHSA-Q7R2-FQ2F-675V
Vulnerability from github – Published: 2022-05-14 00:57 – Updated: 2022-05-14 00:57An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
{
"affected": [],
"aliases": [
"CVE-2019-10021"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-25T00:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.",
"id": "GHSA-q7r2-fq2f-675v",
"modified": "2022-05-14T00:57:26Z",
"published": "2022-05-14T00:57:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10021"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3\u0026t=41274"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4042-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q94W-F7GQ-Q946
Vulnerability from github – Published: 2023-05-11 21:30 – Updated: 2024-04-04 04:02In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
{
"affected": [],
"aliases": [
"CVE-2023-2662"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-11T21:15:09Z",
"severity": "MODERATE"
},
"details": "In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.\n\n\n",
"id": "GHSA-q94w-f7gq-q946",
"modified": "2024-04-04T04:02:53Z",
"published": "2023-05-11T21:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2662"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42505"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q9CG-7392-75CW
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.
{
"affected": [],
"aliases": [
"CVE-2021-27550"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-23T15:15:00Z",
"severity": "MODERATE"
},
"details": "Polaris Office v9.102.66 is affected by a divide-by-zero error in PolarisOffice.exe and EngineDLL.dll that may cause a local denial of service. To exploit the vulnerability, someone must open a crafted PDF file.",
"id": "GHSA-q9cg-7392-75cw",
"modified": "2022-05-24T17:42:57Z",
"published": "2022-05-24T17:42:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27550"
},
{
"type": "WEB",
"url": "https://gist.github.com/sqrtrev/1f9986d4bdd1393832c60a97b56e170a"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.