CVE-2017-9207 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9207): The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
CVE-2017-9206 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9206): The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted image, related to imagew-jpeg.c.
CVE-2017-9205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9205): The iw_get_ui16be function in imagew-util.c:422:24 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.
CVE-2017-9204 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9204): The iw_get_ui16le function in imagew-util.c:405:23 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (invalid read and SEGV) via a crafted image, related to imagew-jpeg.c.
CVE-2017-9203 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9203): imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.
CVE-2017-9202 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9202): imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
CVE-2017-9201 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9201): imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c.
CVE-2017-9094 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9094): The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
CVE-2017-9093 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9093): The my_skip_input_data_fn function in imagew-jpeg.c in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted image.
@Maintainer please call for stabilization when ready. Thank you
(In reply to Christopher Díaz from comment #1)
> @Maintainer please call for stabilization when ready.
No objections, no known open bugs.
Adding arches: amd64, x86
(In reply to Sebastian Pipping from comment #2)
> No objections, no known open bugs.
>
> Adding arches: amd64, x86
@Arches please test and mark stable
x86 stable
amd64 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA Vote: No
@maintainer, please clean the vulnerable version from the tree.
Simple cleanup. Tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1477e2bd144f4151b87f1122ceebc3ed0b60b659