{"id":"CVE-2017-9206","details":"The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.","modified":"2026-03-14T09:26:53.096544Z","published":"2017-05-23T04:29:04.617Z","references":[{"type":"FIX","url":"https://blogs.gentoo.org/ago/2017/05/20/imageworsener-multiple-vulnerabilities/"},{"type":"FIX","url":"https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jsummers/imageworsener","events":[{"introduced":"0"},{"last_affected":"e2f74906e9cca95ee48e7f019436b9635eab30ba"},{"fixed":"b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.1"}]}}],"versions":["0.9.0","0.9.1","0.9.10","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.8","0.9.9","1.0.0","1.1.0","1.2.0","1.3.0","1.3.1"],"database_specific":{"vanir_signatures":[{"digest":{"length":912,"function_hash":"189543805727686735004239999632055257490"},"signature_version":"v1","signature_type":"Function","deprecated":false,"target":{"file":"src/imagew-jpeg.c","function":"iwjpeg_scan_exif_ifd"},"source":"https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d","id":"CVE-2017-9206-2fb7bc0d"},{"digest":{"line_hashes":["231300748759818284572325872434159436029","226175450860525757779219916364051760414","91153269694969210530224734252833994583","49243017465166593327793879307707183223","296857793544256294142748696335854382298","171266172158948150107999830146592426111","43938948650739357532391427045333006793","203923397525115215041168222842222080867","323833074291161316519123328201216519466","31812105361227687258585745138192128848","291973743221944831683559998392691347313","253300396543670967600888005270192931369","237061372942045664785298193388847743296","258110848929861067744466146564241412749","63265811084733727446616558781483360664","36720230997305855295828544864425758277","313759727473586201900013473242506341628","74612022230049358943370264316009344382","88424805846917211345932220489386190161","300122041215508441111502776222475448210","2535314221248833476377543388243801949","310929460626106324500083087964831861481","177074718092710794398936458828359210267","61106757982923237106503820466804813200","331953995551661443101130030723151794325","182201557618690315899268849329881616582","241617664636091048771393755827531143248","86680155130273121684120836636374626123","257365050955589147749223116132440364439","266689625931267424291875201197666104440","59769448256500668962173062886230444827","263169688927278563196808220042406703586","43806283704345761708955443232548315823","150121237868648580059808525004041226306","34318421377181552269693102730545939355","105773099354199557106913784020969511509","49880482028084808827871803785000521176","225844974470859662102783442682607225253","214176252870881304793183620522928460758","114091110698356175087885538596340639549"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","deprecated":false,"target":{"file":"src/imagew-jpeg.c"},"source":"https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d","id":"CVE-2017-9206-63511cf9"},{"digest":{"length":369,"function_hash":"92816308606384892745323279276534051820"},"signature_version":"v1","signature_type":"Function","deprecated":false,"target":{"file":"src/imagew-jpeg.c","function":"iwjpeg_scan_exif"},"source":"https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d","id":"CVE-2017-9206-6b4d7506"},{"digest":{"length":665,"function_hash":"102884252120242781080926159619191360597"},"signature_version":"v1","signature_type":"Function","deprecated":false,"target":{"file":"src/imagew-jpeg.c","function":"get_exif_tag_dbl_value"},"source":"https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d","id":"CVE-2017-9206-7b7c3fc0"},{"digest":{"length":510,"function_hash":"131095719114595547989694215081384224287"},"signature_version":"v1","signature_type":"Function","deprecated":false,"target":{"file":"src/imagew-jpeg.c","function":"get_exif_tag_int_value"},"source":"https://github.com/jsummers/imageworsener/commit/b45cb1b665a14b0175b9cb1502ef7168e1fe0d5d","id":"CVE-2017-9206-c1604b40"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-9206.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}