Denial of Service Vulnerability in CImg Library by CImg Project
CVE-2018-7587

7.8HIGH

Key Information:

Vendor: Cimg
Status: Cimg
Vendor: CVE Published:; 1 March 2018

What is CVE-2018-7587?

A vulnerability in the CImg library was identified that may lead to denial of service when handling specially crafted BMP images. Specifically, when loading a malformed BMP file, the CImg library experiences an allocation failure due to improper handling in the load_bmp function as defined in CImg.h. This flaw can potentially disrupt application availability that relies on the CImg library for image processing.

References

https://github.com/xiaoqx/pocs/tree/master/cimg

x_refsource_MISC

https://usn.ubuntu.com/4039-1/

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 1, 2018
Vulnerability Reserved
Mar 1, 2018

Cimg

What is CVE-2018-7587?

References

CVSS V3.1

Timeline