Double Free Vulnerability in CImg Library Affects Image Processing Functionality
CVE-2018-7589

7.8 HIGH

Key Information:

Vendor: Cimg

CVE Published: 1 March 2018

What is CVE-2018-7589?

A double free vulnerability has been identified in the CImg library, specifically in version 220, in the load_bmp function within CImg.h. It is triggered when the library processes a specially crafted BMP image, and can lead to unpredictable behavior, including application crashes or exploitation. Developers who use the CImg library for image processing should be aware of this issue.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
