CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
579 vulnerabilities reference this CWE, most recent first.
GHSA-746F-27CQ-G8FJ
Vulnerability from github – Published: 2022-05-17 02:20 – Updated: 2022-05-17 02:20The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.
{
"affected": [],
"aliases": [
"CVE-2017-11546"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-31T13:29:00Z",
"severity": "MODERATE"
},
"details": "The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a crash might be relevant when using the --background option.",
"id": "GHSA-746f-27cq-g8fj",
"modified": "2022-05-17T02:20:33Z",
"published": "2022-05-17T02:20:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11546"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2017/Jul/83"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-747G-7PF6-5Q6P
Vulnerability from github – Published: 2025-09-24 15:31 – Updated: 2025-09-24 15:31NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful exploit of this vulnerability may lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-23273"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-24T14:15:47Z",
"severity": "LOW"
},
"details": "NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted JPEG file. A successful exploit of this vulnerability may lead to denial of service.",
"id": "GHSA-747g-7pf6-5q6p",
"modified": "2025-09-24T15:31:13Z",
"published": "2025-09-24T15:31:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23273"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5661"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23273"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-74CG-P8Q3-4C3Q
Vulnerability from github – Published: 2026-07-01 15:35 – Updated: 2026-07-01 15:35FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.
{
"affected": [],
"aliases": [
"CVE-2026-6683"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T15:17:12Z",
"severity": "MODERATE"
},
"details": "FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes n_fatent - 2 to be zero during write/sync operations. This maps to CWE-369 (Divide By Zero). Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (4.6, Medium). Network-delivered update media can make this remote in some pipelines. The estimated CISA SSVC vectors are Exploitation: PoC, Technical Impact: Partial.",
"id": "GHSA-74cg-p8q3-4c3q",
"modified": "2026-07-01T15:35:20Z",
"published": "2026-07-01T15:35:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6683"
},
{
"type": "WEB",
"url": "https://elm-chan.org/fsw/ff"
},
{
"type": "WEB",
"url": "https://github.com/runZeroInc/vulns-2026-fatfs-chance"
},
{
"type": "WEB",
"url": "https://www.runzero.com/advisories/fatfs-exfat-divide-by-zero-cve-2026-6683"
},
{
"type": "WEB",
"url": "https://www.runzero.com/blog/fatfs-bugs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-74X6-C8F2-MFPM
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.
{
"affected": [],
"aliases": [
"CVE-2018-19872"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-21T16:00:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Qt 5.11. A malformed PPM image causes a division by zero and a crash in qppmhandler.cpp.",
"id": "GHSA-74x6-c8f2-mfpm",
"modified": "2022-05-13T01:16:05Z",
"published": "2022-05-13T01:16:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19872"
},
{
"type": "WEB",
"url": "https://bugreports.qt.io/browse/QTBUG-69449"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00023.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00024.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2C5FHCR4A636BLTAXL76WWDJLOAHGNYG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FO7IBY7YYKNMRD5OI3JNNUI42WEM7NUV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XS6G3ZDFCHWFQD4CFXWFPHREOHBBDTD7"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4275-1"
},
{
"type": "WEB",
"url": "http://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00080.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-765F-R4FQ-WX9X
Vulnerability from github – Published: 2022-05-14 03:18 – Updated: 2022-05-14 03:18A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.
{
"affected": [],
"aliases": [
"CVE-2018-11203"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-16T15:29:00Z",
"severity": "MODERATE"
},
"details": "A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack.",
"id": "GHSA-765f-r4fq-wx9x",
"modified": "2022-05-14T03:18:06Z",
"published": "2022-05-14T03:18:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11203"
},
{
"type": "WEB",
"url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-76W3-FGP7-3HF7
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-05-12 21:31In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash()
Commit 38a6f0865796 ("net: sched: support hash selecting tx queue") added SKBEDIT_F_TXQ_SKBHASH support. The inclusive range size is computed as:
mapping_mod = queue_mapping_max - queue_mapping + 1;
The range size can be 65536 when the requested range covers all possible u16 queue IDs (e.g. queue_mapping=0 and queue_mapping_max=U16_MAX). That value cannot be represented in a u16 and previously wrapped to 0, so tcf_skbedit_hash() could trigger a divide-by-zero:
queue_mapping += skb_get_hash(skb) % params->mapping_mod;
Compute mapping_mod in a wider type and reject ranges larger than U16_MAX to prevent params->mapping_mod from becoming 0 and avoid the crash.
{
"affected": [],
"aliases": [
"CVE-2026-43238"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T12:16:44Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash()\n\nCommit 38a6f0865796 (\"net: sched: support hash selecting tx queue\")\nadded SKBEDIT_F_TXQ_SKBHASH support. The inclusive range size is\ncomputed as:\n\nmapping_mod = queue_mapping_max - queue_mapping + 1;\n\nThe range size can be 65536 when the requested range covers all possible\nu16 queue IDs (e.g. queue_mapping=0 and queue_mapping_max=U16_MAX).\nThat value cannot be represented in a u16 and previously wrapped to 0,\nso tcf_skbedit_hash() could trigger a divide-by-zero:\n\nqueue_mapping += skb_get_hash(skb) % params-\u003emapping_mod;\n\nCompute mapping_mod in a wider type and reject ranges larger than U16_MAX\nto prevent params-\u003emapping_mod from becoming 0 and avoid the crash.",
"id": "GHSA-76w3-fgp7-3hf7",
"modified": "2026-05-12T21:31:26Z",
"published": "2026-05-06T12:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43238"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/015cebdfcb97b5347fb7f598ea712a281cb35840"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3c2b95b26860bd6f8e2310d31ea1200d3f8f173e"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4ece5eb4836f8ff03b9004dc2430a7169f282851"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/59809fda4da7730cfe84a948033f47eb45db073d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9c735a7d98c982a786b0db71eb6566ee00aaa04f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/be054cc66f739a9ba615dba9012a07fab8e7dd6f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-772P-X54P-HJRV
Vulnerability from github – Published: 2021-05-21 14:21 – Updated: 2024-10-28 21:26Impact
A malicious user could trigger a division by 0 in Conv3D implementation:
import tensorflow as tf
input_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32)
filter_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32)
tf.raw_ops.Conv3D(input=input_tensor, filter=filter_tensor, strides=[1, 56, 56, 56, 1], padding='VALID', data_format='NDHWC', dilations=[1, 1, 1, 23, 1])
The implementation does a modulo operation based on user controlled input:
const int64 out_depth = filter.dim_size(4);
OP_REQUIRES(context, in_depth % filter_depth == 0, ...);
Thus, when filter has a 0 as the fifth element, this results in a division by 0.
Additionally, if the shape of the two tensors is not valid, an Eigen assertion can be triggered, resulting in a program crash:
import tensorflow as tf
input_tensor = tf.constant([], shape=[2, 2, 2, 2, 0], dtype=tf.float32)
filter_tensor = tf.constant([], shape=[0, 0, 2, 6, 2], dtype=tf.float32)
tf.raw_ops.Conv3D(input=input_tensor, filter=filter_tensor, strides=[1, 56, 39, 34, 1], padding='VALID', data_format='NDHWC', dilations=[1, 1, 1, 1, 1])
The shape of the two tensors must follow the constraints specified in the op description.
Patches
We have patched the issue in GitHub commit 799f835a3dfa00a4d852defa29b15841eea9d64f.
The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.2.0"
},
{
"fixed": "2.2.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.3.0"
},
{
"fixed": "2.3.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.0"
},
{
"fixed": "2.4.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-29517"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-18T23:32:11Z",
"nvd_published_at": "2021-05-14T20:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nA malicious user could trigger a division by 0 in `Conv3D` implementation:\n\n```python\nimport tensorflow as tf\n\ninput_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32)\nfilter_tensor = tf.constant([], shape=[0, 0, 0, 0, 0], dtype=tf.float32)\n\ntf.raw_ops.Conv3D(input=input_tensor, filter=filter_tensor, strides=[1, 56, 56, 56, 1], padding=\u0027VALID\u0027, data_format=\u0027NDHWC\u0027, dilations=[1, 1, 1, 23, 1])\n```\n\nThe [implementation](https://github.com/tensorflow/tensorflow/blob/42033603003965bffac51ae171b51801565e002d/tensorflow/core/kernels/conv_ops_3d.cc#L143-L145) does a modulo operation based on user controlled input:\n\n```cc\n const int64 out_depth = filter.dim_size(4);\n OP_REQUIRES(context, in_depth % filter_depth == 0, ...);\n```\n\nThus, when `filter` has a 0 as the fifth element, this results in a division by 0.\n\nAdditionally, if the shape of the two tensors is not valid, an Eigen assertion can be triggered, resulting in a program crash:\n\n```python\nimport tensorflow as tf\n\ninput_tensor = tf.constant([], shape=[2, 2, 2, 2, 0], dtype=tf.float32)\nfilter_tensor = tf.constant([], shape=[0, 0, 2, 6, 2], dtype=tf.float32)\n\ntf.raw_ops.Conv3D(input=input_tensor, filter=filter_tensor, strides=[1, 56, 39, 34, 1], padding=\u0027VALID\u0027, data_format=\u0027NDHWC\u0027, dilations=[1, 1, 1, 1, 1])\n```\n\nThe shape of the two tensors must follow the constraints specified in the [op description](https://www.tensorflow.org/api_docs/python/tf/raw_ops/Conv3D).\n\n### Patches\nWe have patched the issue in GitHub commit [799f835a3dfa00a4d852defa29b15841eea9d64f](https://github.com/tensorflow/tensorflow/commit/799f835a3dfa00a4d852defa29b15841eea9d64f).\n\nThe fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yakun Zhang and Ying Wang of Baidu X-Team.",
"id": "GHSA-772p-x54p-hjrv",
"modified": "2024-10-28T21:26:22Z",
"published": "2021-05-21T14:21:01Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-772p-x54p-hjrv"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29517"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/799f835a3dfa00a4d852defa29b15841eea9d64f"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-445.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-643.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-154.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by zero in `Conv3D`"
}
GHSA-779V-R8GR-3GPC
Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2022-05-14 03:46In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.
{
"affected": [],
"aliases": [
"CVE-2017-15266"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-11T17:29:00Z",
"severity": "MODERATE"
},
"details": "In GNU Libextractor 1.4, there is a Divide-By-Zero in EXTRACTOR_wav_extract_method in wav_extractor.c via a zero sample rate.",
"id": "GHSA-779v-r8gr-3gpc",
"modified": "2022-05-14T03:46:34Z",
"published": "2022-05-14T03:46:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15266"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1499599"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html"
},
{
"type": "WEB",
"url": "http://openwall.com/lists/oss-security/2017/10/11/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101271"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78WM-7588-C232
Vulnerability from github – Published: 2022-05-24 19:08 – Updated: 2023-09-29 12:30Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.
{
"affected": [],
"aliases": [
"CVE-2021-27847"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-15T16:15:00Z",
"severity": "MODERATE"
},
"details": "Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.",
"id": "GHSA-78wm-7588-c232",
"modified": "2023-09-29T12:30:16Z",
"published": "2022-05-24T19:08:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27847"
},
{
"type": "WEB",
"url": "https://github.com/libvips/libvips/issues/1236"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-78WM-M59P-255G
Vulnerability from github – Published: 2026-07-02 00:31 – Updated: 2026-07-02 15:32A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
{
"affected": [],
"aliases": [
"CVE-2026-36911"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T22:16:48Z",
"severity": "MODERATE"
},
"details": "A division-by-zero vulnerability in the CStreamSwitcherOutputPin::DecideBufferSize function of Aleksoid1978 MPC-BE before commit 4341cb3 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.",
"id": "GHSA-78wm-m59p-255g",
"modified": "2026-07-02T15:32:03Z",
"published": "2026-07-02T00:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-36911"
},
{
"type": "WEB",
"url": "https://github.com/Aleksoid1978/MPC-BE/issues/1062"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.