Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, which triggers a divide-by-zero error.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.64581
Percentile: 0.98349

CVSS Scoring

Mapped CWE(s)

• CWE-369 : Divide By Zero

Affected Products

• cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

← Back to Home