CVE-2017-9773
MEDIUMHorde_Image 2.x - Denial of Service via Null Image Driver
Title source: llmDescription
Denial of Service was found in Horde_Image 2.x before 2.5.0 via a crafted URL to the "Null" image driver.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_confirm
https://lists.horde.org/archives/announce/2017/001234.html
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2018/dsa-4276
Scores
CVSS v3
5.7
EPSS
0.0085
EPSS Percentile
53.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (26)
horde/horde_image
2.0.0 (4 CPE variants)
horde/horde_image
2.0.1
horde/horde_image
2.0.2
horde/horde_image
2.0.3
horde/horde_image
2.0.4
horde/horde_image
2.0.5
horde/horde_image
2.0.6
horde/horde_image
2.0.7
horde/horde_image
2.0.9
horde/horde_image
2.1.0
... and 16 more
Published
Jun 21, 2017
Tracked Since
Feb 18, 2026