Vulnerability CVE-2017-14232: Information

Description

The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.

Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-14232
Published: Aug. 15, 2019
Modified: Oct. 22, 2019
Error type identifier: CWE-399

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
libflifsisyphus0.4-alt10.4-alt1ALT-PU-2024-4694-2343861Fixed
libflifsisyphus_e2k0.4-alt10.4-alt1ALT-PU-2024-4801-1-Fixed
libflifsisyphus_riscv640.4-alt10.4-alt1ALT-PU-2024-4798-1-Fixed
libflifsisyphus_loongarch640.4-alt10.4-alt1ALT-PU-2024-4780-1-Fixed
libflifc10f10.4-alt10.4-alt1ALT-PU-2024-4911-2344218Fixed
libflifc9f20.4-alt10.4-alt1ALT-PU-2024-4724-2343880Fixed
libjaspersisyphus2.0.19-alt14.2.3-alt1ALT-PU-2020-2721-1257246Fixed
libjasperp102.0.19-alt12.0.33-alt2ALT-PU-2020-2721-1257246Fixed
libjasperp92.0.19-alt12.0.22-alt1ALT-PU-2020-2988-1259123Fixed
libjasperc10f12.0.19-alt12.0.32-alt1ALT-PU-2020-2721-1257246Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://cxsecurity.com/cveshow/CVE-2017-14232
    N/A

        1. Configuration 1

          cpe:2.3:a:flif:flif:0.3:*:*:*:*:*:*:*
          cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*
          End including
          2.0.16
      VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
      Version: v24.5.1
      Back to top