CVE-2017-14232

CWE-3993 documents3 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 52.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Jasper Project Jasper Flif Flif

Timeline

PublishedAug 15

Latest updateMay 24

Description

The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDflif/flif0.3

▶NVDjasper_project/jasper2.0.16

🔴Vulnerability Details

GHSA

GHSA-mv74-39qc-wvxg: The read_chunk function in flif-dec↗2022-05-24

▶

CVEList

CVE-2017-14232: The read_chunk function in flif-dec↗2019-08-15

▶