A vulnerability was found in libfpx 1.3.1_p6. It has been classified as problematic. This affects the function CDirVector::GetTable of the file dirfunc.hxx of the component fpx Image Handler. The manipulation with an unknown input leads to a divide by zero vulnerability. CWE is classifying the issue as CWE-369. The product divides a value by zero. This is going to have an impact on availability. The summary by CVE is:

CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image.

The bug was discovered 08/09/2017. The weakness was shared 08/28/2017 (oss-sec). It is possible to read the advisory at openwall.com. This vulnerability is uniquely identified as CVE-2017-12924 since 08/17/2017. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Technical details of the vulnerability are known, but there is no available exploit. The attack technique deployed by this issue is T1499 according to MITRE ATT&CK.

The vulnerability was handled as a non-public zero-day exploit for at least 19 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The entries 105820, 105818, 105817 and 105816 are related to this item.

Productinfo

Name

• libfpx

Version

• 1.3.1_p6

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion