FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pear-Horde_Image -- DoS vulnerability

Affected packages
2.3.0 < pear-Horde_Image < 2.5.0

Details

VuXML ID 00e4050b-56c1-11e7-8e66-08606e46faad
Discovery 2017-06-21
Entry 2017-06-21

Michael J Rubinsky reports:

The second vulnerability (CVE-2017-9773) is a DOS vulnerability. This only affects Horde installations that do not have a configured image handling backend, and thus use the "Null" image driver. It is exploitable by a logged in user clicking on a maliciously crafted URL.

References

CVE Name CVE-2017-9773
URL https://lists.horde.org/archives/announce/2017/001234.html