CVE-2017-9773

MEDIUM

Horde_Image 2.x - Denial of Service via Null Image Driver

Title source: llm
STIX 2.1

Description

Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory x_refsource_confirm
https://lists.horde.org/archives/announce/2017/001234.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4276

Scores

CVSS v3 5.7
EPSS 0.0085
EPSS Percentile 53.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-20
Status published
Products (26)
horde/horde_image 2.0.0 (4 CPE variants)
horde/horde_image 2.0.1
horde/horde_image 2.0.2
horde/horde_image 2.0.3
horde/horde_image 2.0.4
horde/horde_image 2.0.5
horde/horde_image 2.0.6
horde/horde_image 2.0.7
horde/horde_image 2.0.9
horde/horde_image 2.1.0
... and 16 more
Published Jun 21, 2017
Tracked Since Feb 18, 2026