| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-20544 |
369 |
|
|
2018-12-28 |
2019-01-16 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
There is floating point exception at caca/dither.c (function caca_dither_bitmap) in libcaca 0.99.beta19. |
|
2 |
CVE-2018-19628 |
369 |
|
|
2018-11-28 |
2018-12-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error. |
|
3 |
CVE-2018-18521 |
369 |
|
DoS |
2018-10-19 |
2019-01-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Divide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled. |
|
4 |
CVE-2018-18195 |
369 |
|
|
2018-10-09 |
2018-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue discovered in libgig 4.1.0. There is an FPE (divide-by-zero error) in DLS::Sample::Sample in DLS.cpp. |
|
5 |
CVE-2018-18190 |
369 |
|
|
2018-10-09 |
2018-11-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in GoPro gpmf-parser before 1.2.1. There is a divide-by-zero error in GPMF_ScaledData in GPMF_parser.c. |
|
6 |
CVE-2018-17438 |
369 |
|
DoS |
2018-09-24 |
2018-11-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
|
7 |
CVE-2018-17434 |
369 |
|
DoS |
2018-09-24 |
2018-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
|
8 |
CVE-2018-17237 |
369 |
|
|
2018-09-20 |
2018-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A SIGFPE signal is raised in the function H5D__chunk_set_info_real() of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. This issue is different from CVE-2018-11207. |
|
9 |
CVE-2018-17233 |
369 |
|
DoS |
2018-09-20 |
2018-11-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A SIGFPE signal is raised in the function H5D__create_chunk_file_map_hyper() of H5Dchunk.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. |
|
10 |
CVE-2018-16523 |
369 |
|
|
2018-12-06 |
2019-01-03 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component allow division by zero in prvCheckOptions. |
|
11 |
CVE-2018-14423 |
369 |
|
DoS |
2018-07-19 |
2018-12-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of service (application crash). |
|
12 |
CVE-2018-14395 |
369 |
|
DoS |
2018-07-19 |
2018-09-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the MOV audio format. |
|
13 |
CVE-2018-14394 |
369 |
|
DoS |
2018-07-19 |
2019-01-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. |
|
14 |
CVE-2018-13785 |
369 |
|
DoS Overflow |
2018-07-09 |
2018-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. |
|
15 |
CVE-2018-13100 |
369 |
|
|
2018-07-03 |
2018-08-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.17.3, which does not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error. |
|
16 |
CVE-2018-11212 |
369 |
|
DoS |
2018-05-16 |
2019-01-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file. |
|
17 |
CVE-2018-11207 |
369 |
|
DoS |
2018-05-16 |
2018-08-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. |
|
18 |
CVE-2018-11203 |
369 |
|
DoS |
2018-05-16 |
2018-06-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack. |
|
19 |
CVE-2018-10016 |
369 |
|
|
2018-04-11 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file. |
|
20 |
CVE-2018-9304 |
369 |
|
DoS |
2018-04-04 |
2018-11-25 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service. |
|
21 |
CVE-2018-9018 |
369 |
|
DoS |
2018-03-25 |
2018-10-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage function of coders/png.c. Remote attackers could leverage this vulnerability to cause a crash and denial of service via a crafted mng file. |
|
22 |
CVE-2018-5804 |
369 |
|
|
2018-12-07 |
2018-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero. |
|
23 |
CVE-2018-2385 |
369 |
|
|
2018-02-14 |
2018-02-27 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Under certain conditions a malicious user provoking a divide by zero crash can prevent legitimate users from accessing the SAP Internet Graphics Server, 7.20, 7.20EXT, 7.45, 7.49, 7.53, and its services. |
|
24 |
CVE-2018-1152 |
369 |
|
DoS |
2018-06-18 |
2019-01-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image. |
|
25 |
CVE-2017-1000414 |
369 |
|
DoS |
2018-01-25 |
2018-02-08 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling resulting denial of service. |
|
26 |
CVE-2017-18207 |
369 |
|
DoS |
2018-03-01 |
2018-03-23 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py in Python through 3.6.4 does not ensure a nonzero channel value, which allows attackers to cause a denial of service (divide-by-zero and exception) via a crafted wav format audio file. NOTE: the vendor disputes this issue because Python applications "need to be prepared to handle a wide variety of exceptions." |
|
27 |
CVE-2017-17508 |
369 |
|
|
2017-12-10 |
2017-12-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. |
|
28 |
CVE-2017-17381 |
369 |
|
DoS |
2017-12-06 |
2018-05-31 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. |
|
29 |
CVE-2017-17054 |
369 |
|
|
2017-11-29 |
2017-12-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In aubio 0.4.6, a divide-by-zero error exists in the function new_aubio_source_wavread() in source_wavread.c, which may lead to DoS when playing a crafted audio file. |
|
30 |
CVE-2017-16942 |
369 |
|
|
2017-11-25 |
2017-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. |
|
31 |
CVE-2017-16890 |
369 |
|
|
2018-07-09 |
2018-09-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
SWFTools 0.9.2 has a divide-by-zero error in the wav_convert2mono function in lib/wav.c because the align value may be zero. |
|
32 |
CVE-2017-16650 |
369 |
|
DoS |
2017-11-07 |
2018-08-24 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. |
|
33 |
CVE-2017-16649 |
369 |
|
DoS |
2017-11-07 |
2018-11-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. |
|
34 |
CVE-2017-15266 |
369 |
|
|
2017-10-11 |
2018-02-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate. |
|
35 |
CVE-2017-15025 |
369 |
|
DoS |
2017-10-04 |
2017-10-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted ELF file. |
|
36 |
CVE-2017-14634 |
369 |
|
|
2017-09-21 |
2018-12-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. |
|
37 |
CVE-2017-14249 |
369 |
|
DoS |
2017-09-11 |
2018-06-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. |
|
38 |
CVE-2017-14106 |
369 |
|
DoS |
2017-09-01 |
2018-07-12 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. |
|
39 |
CVE-2017-12924 |
369 |
|
DoS |
2017-08-28 |
2017-09-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. |
|
40 |
CVE-2017-11720 |
369 |
|
|
2017-07-28 |
2017-08-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file. |
|
41 |
CVE-2017-11546 |
369 |
|
DoS |
2017-07-31 |
2017-08-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option. |
|
42 |
CVE-2017-11464 |
369 |
|
|
2017-07-19 |
2017-07-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero. |
|
43 |
CVE-2017-11359 |
369 |
|
DoS |
2017-07-31 |
2018-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted snd file, during conversion to a wav file. |
|
44 |
CVE-2017-11332 |
369 |
|
DoS |
2017-07-31 |
2018-10-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file. |
|
45 |
CVE-2017-9344 |
369 |
|
|
2017-06-02 |
2017-07-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP dissector could divide by zero. This was addressed in epan/dissectors/packet-btl2cap.c by validating an interval value. |
|
46 |
CVE-2017-9302 |
369 |
|
DoS |
2017-05-29 |
2017-06-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. |
|
47 |
CVE-2017-9239 |
369 |
|
|
2017-05-26 |
2019-01-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. |
|
48 |
CVE-2017-9202 |
369 |
|
DoS |
2017-05-23 |
2017-05-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. |
|
49 |
CVE-2017-9201 |
369 |
|
DoS |
2017-05-23 |
2017-05-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. |
|
50 |
CVE-2017-8842 |
369 |
|
DoS |
2017-05-08 |
2017-05-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in lrzip 0.631 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted archive. |
