CWE-369
AllowedDivide By Zero
Abstraction: Base · Status: Draft
The product divides a value by zero.
577 vulnerabilities reference this CWE, most recent first.
GHSA-RMG3-42QR-2VRH
Vulnerability from github – Published: 2022-05-14 03:36 – Updated: 2025-04-20 03:35The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
{
"affected": [],
"aliases": [
"CVE-2017-7595"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-04-09T14:59:00Z",
"severity": "MODERATE"
},
"details": "The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.",
"id": "GHSA-rmg3-42qr-2vrh",
"modified": "2025-04-20T03:35:38Z",
"published": "2022-05-14T03:36:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7595"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-27"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3602-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3844"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/97501"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RPQ9-H75R-MCCG
Vulnerability from github – Published: 2022-03-26 00:00 – Updated: 2022-04-05 00:01In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y; and chroma.green.y * (X + Z))) / d; but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.
{
"affected": [],
"aliases": [
"CVE-2021-3941"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-25T19:15:00Z",
"severity": "MODERATE"
},
"details": "In ImfChromaticities.cpp routine RGBtoXYZ(), there are some division operations such as `float Z = (1 - chroma.white.x - chroma.white.y) * Y / chroma.white.y;` and `chroma.green.y * (X + Z))) / d;` but the divisor is not checked for a 0 value. A specially crafted file could trigger a divide-by-zero condition which could affect the availability of programs linked with OpenEXR.",
"id": "GHSA-rpq9-h75r-mccg",
"modified": "2022-04-05T00:01:01Z",
"published": "2022-03-26T00:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3941"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019789"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I2JSMJ7HLWFPYYV7IAQZD5ZUUUN7RWBN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202210-31"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5299"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RQVX-R948-46Q2
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2023-03-12 00:30A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.
{
"affected": [],
"aliases": [
"CVE-2020-27763"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-03T17:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.",
"id": "GHSA-rqvx-r948-46q2",
"modified": "2023-03-12T00:30:16Z",
"published": "2022-05-24T17:35:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27763"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894682"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/03/msg00008.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-RQXG-44WV-F888
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service.
{
"affected": [],
"aliases": [
"CVE-2020-20448"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-25T18:15:00Z",
"severity": "MODERATE"
},
"details": "FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/ratecontrol.c, which allows a remote malicious user to cause a Denial of Service.",
"id": "GHSA-rqxg-44wv-f888",
"modified": "2022-05-24T19:03:10Z",
"published": "2022-05-24T19:03:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-20448"
},
{
"type": "WEB",
"url": "https://trac.ffmpeg.org/ticket/7990"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RWJH-WVC7-P2GM
Vulnerability from github – Published: 2022-05-24 17:17 – Updated: 2023-01-27 21:31exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
{
"affected": [],
"aliases": [
"CVE-2020-12767"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-09T21:15:00Z",
"severity": "HIGH"
},
"details": "exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.",
"id": "GHSA-rwjh-wvc7-p2gm",
"modified": "2023-01-27T21:31:14Z",
"published": "2022-05-24T17:17:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12767"
},
{
"type": "WEB",
"url": "https://github.com/libexif/libexif/issues/31"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00016.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-05"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4358-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00017.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RX2R-Q96C-W5CC
Vulnerability from github – Published: 2024-01-03 09:30 – Updated: 2024-11-22 18:17FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "PaddlePaddle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-52305"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-03T21:55:32Z",
"nvd_published_at": "2024-01-03T09:15:09Z",
"severity": "MODERATE"
},
"details": "FPE in paddle.topk\u00a0in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service.\n\n\n\n",
"id": "GHSA-rx2r-q96c-w5cc",
"modified": "2024-11-22T18:17:05Z",
"published": "2024-01-03T09:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52305"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/commit/19da5c0c4d8c5e4dfef2a92e24141c3f51884dcc"
},
{
"type": "PACKAGE",
"url": "https://github.com/PaddlePaddle/Paddle"
},
{
"type": "WEB",
"url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/paddlepaddle/PYSEC-2024-137.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "PaddlePaddle floating point exception in paddle.topk"
}
GHSA-RXQQ-PVX6-72WC
Vulnerability from github – Published: 2022-05-14 03:05 – Updated: 2025-04-20 03:48The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
{
"affected": [],
"aliases": [
"CVE-2017-16650"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-11-07T23:29:00Z",
"severity": "HIGH"
},
"details": "The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.",
"id": "GHSA-rxqq-pvx6-72wc",
"modified": "2025-04-20T03:48:09Z",
"published": "2022-05-14T03:05:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16650"
},
{
"type": "WEB",
"url": "https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ"
},
{
"type": "WEB",
"url": "https://patchwork.ozlabs.org/patch/834770"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3617-3"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3619-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3619-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3754-1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101791"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V2PF-J76R-XQH4
Vulnerability from github – Published: 2024-12-27 15:31 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
ad7780: fix division by zero in ad7780_write_raw()
In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero.
{
"affected": [],
"aliases": [
"CVE-2024-56567"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-27T15:15:15Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nad7780: fix division by zero in ad7780_write_raw()\n\nIn the ad7780_write_raw() , val2 can be zero, which might lead to a\ndivision by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw()\nis based on iio_info\u0027s write_raw. While val is explicitly declared that\ncan be zero (in read mode), val2 is not specified to be non-zero.",
"id": "GHSA-v2pf-j76r-xqh4",
"modified": "2025-11-03T21:31:51Z",
"published": "2024-12-27T15:31:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56567"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/022e13518ba6cc1b4fdd291f49e4f57b2d5718e0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/18fb33df1de83a014d7f784089f9b124facc157f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/68e79b848196a0b0ec006009cc69da1f835d1ae8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7e3a8ea3d1ada7f707de5d9d504774b4191eab66"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/afc1e3c00b3f5f0b4f1bc3e974fb9803cb938a90"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c174b53e95adf2eece2afc56cd9798374919f99a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f25a9f1df1f6738acf1fa05595fb6060a2c08ff1"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V3F7-J968-4H5F
Vulnerability from github – Published: 2022-02-10 00:15 – Updated: 2024-11-13 22:08Impact
The estimator for the cost of some convolution operations can be made to execute a division by 0:
import tensorflow as tf
@tf.function
def test():
y=tf.raw_ops.AvgPoolGrad(
orig_input_shape=[1,1,1,1],
grad=[[[[1.0],[1.0],[1.0]]],[[[2.0],[2.0],[2.0]]],[[[3.0],[3.0],[3.0]]]],
ksize=[1,1,1,1],
strides=[1,1,1,0],
padding='VALID',
data_format='NCHW')
return y
test()
The function fails to check that the stride argument is stricly positive:
int64_t GetOutputSize(const int64_t input, const int64_t filter,
const int64_t stride, const Padding& padding) {
// Logic for calculating output shape is from GetWindowedOutputSizeVerbose()
// function in third_party/tensorflow/core/framework/common_shape_fns.cc.
if (padding == Padding::VALID) {
return (input - filter + stride) / stride;
} else { // SAME.
return (input + stride - 1) / stride;
}
}
Hence, the fix is to add a check for the stride argument to ensure it is valid.
Patches
We have patched the issue in GitHub commit 3218043d6d3a019756607643cf65574fbfef5d7a.
The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by Yu Tian of Qihoo 360 AIVul Team.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.7.0"
},
{
"fixed": "2.7.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.7.0"
]
}
],
"aliases": [
"CVE-2022-21725"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": true,
"github_reviewed_at": "2022-02-03T18:05:56Z",
"nvd_published_at": "2022-02-03T13:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact \nThe [estimator for the cost of some convolution operations](https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198) can be made to execute a division by 0:\n\n```python\nimport tensorflow as tf\n\n@tf.function\ndef test():\n y=tf.raw_ops.AvgPoolGrad(\n orig_input_shape=[1,1,1,1],\n grad=[[[[1.0],[1.0],[1.0]]],[[[2.0],[2.0],[2.0]]],[[[3.0],[3.0],[3.0]]]],\n ksize=[1,1,1,1],\n strides=[1,1,1,0],\n padding=\u0027VALID\u0027,\n data_format=\u0027NCHW\u0027)\n return y\n\ntest()\n```\n\nThe function fails to check that the stride argument is stricly positive:\n\n```cc\nint64_t GetOutputSize(const int64_t input, const int64_t filter,\n const int64_t stride, const Padding\u0026 padding) {\n // Logic for calculating output shape is from GetWindowedOutputSizeVerbose() \n // function in third_party/tensorflow/core/framework/common_shape_fns.cc.\n if (padding == Padding::VALID) {\n return (input - filter + stride) / stride;\n } else { // SAME.\n return (input + stride - 1) / stride;\n }\n} \n```\n\nHence, the fix is to add a check for the stride argument to ensure it is valid.\n\n### Patches\nWe have patched the issue in GitHub commit [3218043d6d3a019756607643cf65574fbfef5d7a](https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a).\n\nThe fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by Yu Tian of Qihoo 360 AIVul Team.",
"id": "GHSA-v3f7-j968-4h5f",
"modified": "2024-11-13T22:08:22Z",
"published": "2022-02-10T00:15:07Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v3f7-j968-4h5f"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21725"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/3218043d6d3a019756607643cf65574fbfef5d7a"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-49.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-104.yaml"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/blob/ffa202a17ab7a4a10182b746d230ea66f021fe16/tensorflow/core/grappler/costs/op_level_cost_estimator.cc#L189-L198"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Division by zero in Tensorflow"
}
GHSA-V3PH-GJWW-6W58
Vulnerability from github – Published: 2022-05-17 01:22 – Updated: 2025-04-20 03:41There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.
{
"affected": [],
"aliases": [
"CVE-2017-11720"
],
"database_specific": {
"cwe_ids": [
"CWE-369"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-28T14:29:00Z",
"severity": "CRITICAL"
},
"details": "There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.",
"id": "GHSA-v3ph-gjww-6w58",
"modified": "2025-04-20T03:41:34Z",
"published": "2022-05-17T01:22:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11720"
},
{
"type": "WEB",
"url": "https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/777159"
},
{
"type": "WEB",
"url": "https://sourceforge.net/p/lame/bugs/460"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.