Undefined Behavior in libimageworsener.a: Remote Denial of Service and Potential Impact via Crafted Image

Undefined Behavior in libimageworsener.a: Remote Denial of Service and Potential Impact via Crafted Image

CVE-2017-8326 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c.

Learn more about our Web Application Penetration Testing UK.