Heap-Based Buffer Over-Read in CImg by Dtschump
CVE-2018-7588

7.8HIGH

Key Information:

Vendor

Cimg

Status
Cimg
Vendor
CVE Published:
1 March 2018

What is CVE-2018-7588?

A heap-based buffer over-read was discovered in the CImg library (version 220) when it processes specific BMP images. This vulnerability can lead to unintended behaviors, allowing attackers to read sensitive information from memory beyond the intended buffer limits. Proper validation is required when handling crafted BMP images to safeguard against such vulnerabilities.

References

https://github.com/dtschump/CImg/issues/183
x_refsource_MISC
https://github.com/xiaoqx/pocs/tree/master/cimg
x_refsource_MISC
https://usn.ubuntu.com/4039-1/
vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.