CVE-2021-28856
MEDIUMDeark < 1.5.8 - Denial of Service via Division by Zero in fmtutil.c
Title source: llmDescription
In Deark before v1.5.8, a specially crafted input file can cause a division by zero in (src/fmtutil.c) because of the value of pixelsize.
References (3)
Core 3
Core References
Patch, Third Party Advisory
https://fatihhcelik.github.io/posts/Division-By-Zero-Deark/
Patch, Third Party Advisory
https://github.com/jsummers/deark/commit/62acb7753b0e3c0d3ab3c15057b0a65222313334
Scores
CVSS v3
5.5
EPSS
0.0085
EPSS Percentile
53.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-369
Status
published
Products (1)
entropymine/deark
< 1.5.8
Published
Apr 14, 2021
Tracked Since
Feb 18, 2026