CVE-2017-12923

Name of the Vulnerable Software and Affected Versions libfpx version 1.3.1 p6

Description The issue allows remote attackers to cause a denial of service, specifically a NULL pointer dereference, by providing a crafted fpx image. This is due to a problem in the OLEStream::WriteVT LPSTR function in olestrm.cpp.

Recommendations For libfpx version 1.3.1 p6, consider avoiding the use of the OLEStream::WriteVT LPSTR function until a patch is available. As a temporary workaround, restrict the processing of fpx images from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.