| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-1010315 |
369 |
|
|
2019-07-11 |
2019-07-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
WavPack 5.1 and earlier is affected by: CWE 369: Divide by Zero. The impact is: Divide by zero can lead to sudden crash of a software/service that tries to parse a .wav file. The component is: ParseDsdiffHeaderConfig (dsdiff.c:282). The attack vector is: Maliciously crafted .wav file. The fixed version is: After commit https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc. |
|
2 |
CVE-2019-16228 |
369 |
|
|
2019-09-11 |
2019-10-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in py-lmdb 0.97. There is a divide-by-zero error in the function mdb_env_open2 if mdb_env_read_header obtains a zero value for a certain size field. NOTE: this outcome occurs when accessing a data.mdb file supplied by an attacker. |
|
3 |
CVE-2019-16168 |
369 |
|
|
2019-09-09 |
2019-09-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner." |
|
4 |
CVE-2019-15939 |
369 |
|
|
2019-09-05 |
2019-09-06 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp. |
|
5 |
CVE-2019-15133 |
369 |
|
|
2019-08-17 |
2019-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GIFLIB before 2019-02-16, a malformed GIF file triggers a divide-by-zero exception in the decoder function DGifSlurp in dgif_lib.c if the height field of the ImageSize data structure is equal to zero. |
|
6 |
CVE-2019-14981 |
369 |
|
DoS |
2019-08-12 |
2019-08-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is a divide-by-zero vulnerability in the MeanShiftImage function. It allows an attacker to cause a denial of service by sending a crafted file. |
|
7 |
CVE-2019-14535 |
369 |
|
|
2019-08-29 |
2019-09-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A divide-by-zero error exists in the SeekIndex function of demux/asf/asf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted WMV file. |
|
8 |
CVE-2019-14498 |
369 |
|
|
2019-08-29 |
2019-09-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A divide-by-zero error exists in the Control function of demux/caf.c in VideoLAN VLC media player 3.0.7.1. As a result, an FPE can be triggered via a crafted CAF file. |
|
9 |
CVE-2019-14494 |
369 |
|
|
2019-08-01 |
2019-08-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Poppler through 0.78.0. There is a divide-by-zero error in the function SplashOutputDev::tilingPatternFill at SplashOutputDev.cc. |
|
10 |
CVE-2019-14443 |
369 |
|
DoS |
2019-07-30 |
2019-07-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. |
|
11 |
CVE-2019-14284 |
369 |
|
DoS |
2019-07-26 |
2019-08-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default. |
|
12 |
CVE-2019-14249 |
369 |
|
DoS |
2019-07-24 |
2019-08-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service (division by zero) via an ELF file with a zero-size section group (SHT_GROUP), as demonstrated by dwarfdump. |
|
13 |
CVE-2019-13454 |
369 |
|
|
2019-07-09 |
2019-08-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c. |
|
14 |
CVE-2019-13390 |
369 |
|
|
2019-07-07 |
2019-09-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In FFmpeg 4.1.3, there is a division by zero at adx_write_trailer in libavformat/rawenc.c. |
|
15 |
CVE-2019-13218 |
369 |
|
DoS |
2019-08-15 |
2019-08-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Division by zero in the predict_point function in stb_vorbis through 2019-03-04 allows an attacker to cause a denial of service by opening a crafted Ogg Vorbis file. |
|
16 |
CVE-2019-11472 |
369 |
|
|
2019-04-23 |
2019-06-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ReadXWDImage in coders/xwd.c in the XWD image parsing component of ImageMagick 7.0.8-41 Q16 allows attackers to cause a denial-of-service (divide-by-zero error) by crafting an XWD image file in which the header indicates neither LSB first nor MSB first. |
|
17 |
CVE-2019-10023 |
369 |
|
|
2019-03-24 |
2019-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. |
|
18 |
CVE-2019-10021 |
369 |
|
|
2019-03-24 |
2019-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. |
|
19 |
CVE-2019-10019 |
369 |
|
|
2019-03-24 |
2019-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. |
|
20 |
CVE-2019-10018 |
369 |
|
|
2019-03-24 |
2019-06-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. |
|
21 |
CVE-2019-9084 |
369 |
|
DoS |
2019-06-07 |
2019-07-01 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product). |
|
22 |
CVE-2018-20845 |
369 |
|
DoS |
2019-06-26 |
2019-06-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). |
|
23 |
CVE-2018-20544 |
369 |
|
|
2018-12-28 |
2019-04-04 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. |
|
24 |
CVE-2018-19872 |
369 |
|
|
2019-03-21 |
2019-04-24 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp. |
|
25 |
CVE-2018-19628 |
369 |
|
|
2018-11-28 |
2018-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. |
|
26 |
CVE-2018-18521 |
369 |
|
DoS |
2018-10-19 |
2019-06-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. |
|
27 |
CVE-2018-18195 |
369 |
|
|
2018-10-09 |
2018-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp. |
|
28 |
CVE-2018-18190 |
369 |
|
|
2018-10-09 |
2018-11-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a divide-by-zero error in GPMF_ScaledData in GPMF_parser.c. |
|
29 |
CVE-2018-18058 |
369 |
|
|
2019-05-24 |
2019-05-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
An issue was discovered in Bitdefender Engines before 7.76662. A vulnerability has been discovered in the iso.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a division-by-zero circumstance. Paired with other vulnerabilities, this can result in denial-of-service. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|
30 |
CVE-2018-17438 |
369 |
|
DoS |
2018-09-24 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
|
31 |
CVE-2018-17434 |
369 |
|
DoS |
2018-09-24 |
2018-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
|
32 |
CVE-2018-17237 |
369 |
|
|
2018-09-20 |
2018-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. |
|
33 |
CVE-2018-17233 |
369 |
|
DoS |
2018-09-20 |
2018-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
|
34 |
CVE-2018-16523 |
369 |
|
|
2018-12-06 |
2019-01-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. |
|
35 |
CVE-2018-14423 |
369 |
|
DoS |
2018-07-19 |
2019-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). |
|
36 |
CVE-2018-14395 |
369 |
|
DoS |
2018-07-19 |
2018-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. |
|
37 |
CVE-2018-14394 |
369 |
|
DoS |
2018-07-19 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. |
|
38 |
CVE-2018-13100 |
369 |
|
|
2018-07-03 |
2019-04-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. |
|
39 |
CVE-2018-11212 |
369 |
|
DoS |
2018-05-16 |
2019-06-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. |
|
40 |
CVE-2018-11207 |
369 |
|
DoS |
2018-05-16 |
2018-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. |
|
41 |
CVE-2018-11203 |
369 |
|
DoS |
2018-05-16 |
2018-06-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. |
|
42 |
CVE-2018-10016 |
369 |
|
|
2018-04-11 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. |
|
43 |
CVE-2018-9304 |
369 |
|
DoS |
2018-04-04 |
2018-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service. |
|
44 |
CVE-2018-9018 |
369 |
|
DoS |
2018-03-25 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
|
45 |
CVE-2018-5804 |
369 |
|
|
2018-12-07 |
2018-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. |
|
46 |
CVE-2018-2385 |
369 |
|
|
2018-02-14 |
2018-02-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. |
|
47 |
CVE-2018-1152 |
369 |
|
DoS |
2018-06-18 |
2019-05-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. |
|
48 |
CVE-2017-1000414 |
369 |
|
DoS |
2018-01-25 |
2018-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling resulting denial of service. |
|
49 |
CVE-2017-18360 |
369 |
|
DoS |
2019-01-31 |
2019-04-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates. |
|
50 |
CVE-2017-18207 |
369 |
|
DoS |
2018-03-01 |
2018-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions." |
