CWE-369
Divide By Zero
Base · Draft · Likelihood: Medium
Description
The product divides a value by zero.
This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (119)
Page 2 of 6

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-10506 | Med | 0.43 | 6.5 | 0.04 | Aug 30, 2017 | Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, opj_pi_next_pcrl, and opj_pi_next_rpcl in pi.c in OpenJPEG before 2.2.0 allow remote attackers to cause a denial of service (application crash) via crafted j2k files. | |
| CVE-2026-42209 | Med | 0.42 | 6.5 | 0.00 | May 8, 2026 | FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are configured to non-default values, resulting in denial of service. If anonymous retained publishing is allowed, no authentication is required; otherwise, the attacker needs the corresponding publish permission. This issue has been patched in version 1.26.1. | |
| CVE-2025-54581 | Hig | 0.42 | 7.5 | 0.00 | Jul 30, 2025 | vproxy is an HTTP/HTTPS/SOCKS5 proxy server. In versions 2.3.3 and below, untrusted data is extracted from the user-controlled HTTP Proxy-Authorization header and passed to Extension::try_from and flows into parse_ttl_extension where it is parsed as a TTL value. If an attacker supplies a TTL of zero (e.g. by using a username such as 'configuredUser-ttl-0'), the modulo operation 'timestamp % ttl' will cause a division by zero panic, causing the server to crash causing a denial-of-service. This is fixed in version 2.4.0. | |
| CVE-2017-17508 | Med | 0.42 | 6.5 | 0.00 | Dec 11, 2017 | In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function H5T_set_loc in the H5T.c file in libhdf5.a. For example, h5dump would crash when someone opens a crafted hdf5 file. | |
| CVE-2017-17381 | Med | 0.42 | 6.5 | 0.00 | Dec 7, 2017 | The Virtio Vring implementation in QEMU allows local OS guest users to cause a denial of service (divide-by-zero error and QEMU process crash) by unsetting vring alignment while updating Virtio rings. | |
| CVE-2017-16942 | Med | 0.42 | 6.5 | 0.00 | Nov 25, 2017 | In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists in the function wav_w64_read_fmt_chunk() in wav_w64.c, which may lead to DoS when playing a crafted audio file. | |
| CVE-2017-14634 | Med | 0.42 | 6.5 | 0.01 | Sep 21, 2017 | In libsndfile 1.0.28, a divide-by-zero error exists in the function double64_init() in double64.c, which may lead to DoS when playing a crafted audio file. | |
| CVE-2017-14249 | Med | 0.42 | 6.5 | 0.01 | Sep 11, 2017 | ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in coders/mpc.c, leading to division by zero in GetPixelCacheTileSize in MagickCore/cache.c, allowing remote attackers to cause a denial of service via a crafted file. | |
| CVE-2017-12924 | Med | 0.42 | 6.5 | 0.00 | Aug 28, 2017 | CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image. | |
| CVE-2017-9239 | Med | 0.42 | 6.5 | 0.00 | May 26, 2017 | An issue was discovered in Exiv2 0.26. When the data structure of the structure ifd is incorrect, the program assigns pValue_ to 0x0, and the value of pValue() is 0x0. TiffImageEntry::doWriteImage will use the value of pValue() to cause a segmentation fault. To exploit this vulnerability, someone must open a crafted tiff file. | |
| CVE-2017-9202 | Med | 0.42 | 6.5 | 0.00 | May 23, 2017 | imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | |
| CVE-2017-9201 | Med | 0.42 | 6.5 | 0.00 | May 23, 2017 | imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted image, related to imagew-api.c. | |
| CVE-2016-7530 | Med | 0.42 | 6.5 | 0.02 | Apr 20, 2017 | The quantum handling code in ImageMagick allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds write) via a crafted file. | |
| CVE-2015-8504 | Med | 0.42 | 6.5 | 0.03 | Apr 11, 2017 | Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. | |
| CVE-2016-9921 | Med | 0.42 | 6.5 | 0.00 | Dec 23, 2016 | Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator support is vulnerable to a divide by zero issue. It could occur while copying VGA data when cirrus graphics mode was set to be VGA. A privileged user inside guest could use this flaw to crash the Qemu process instance on the host, resulting in DoS. | |
| CVE-2016-3622 | Med | 0.42 | 6.5 | 0.01 | Oct 3, 2016 | The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. | |
| CVE-2016-6505 | Med | 0.42 | 5.9 | 0.02 | Aug 6, 2016 | epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet. | |
| CVE-2015-7513 | Med | 0.42 | 6.5 | 0.00 | Feb 8, 2016 | arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions. | |
| CVE-2026-34546 | Med | 0.40 | 6.2 | 0.00 | Mar 31, 2026 | iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted TIFF input can trigger Undefined Behavior (UB) due to division by zero in the TIFF handling code paths used by iccTiffDump. This issue has been patched in version 2.3.1.6. | |
| CVE-2024-1298 | Med | 0.39 | 6.0 | 0.00 | May 30, 2024 | EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. |