Heap-Based Buffer Over-Read in CImg Affects Image Processing Capabilities
CVE-2018-7641

7.8HIGH

Key Information:

Vendor

Cimg

Status
Cimg
Vendor
CVE Published:
2 March 2018

What is CVE-2018-7641?

A heap-based buffer over-read vulnerability exists in the CImg library version 220, specifically in the load_bmp function located in CImg.h. This issue arises when the library processes a specially crafted BMP image, particularly in configurations that handle 32-bit colors. This vulnerability may allow an attacker to read beyond the intended buffer, potentially disclosing sensitive information or leading to further exploit scenarios.

References

https://github.com/dtschump/CImg/issues/185
x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2019/09/msg0...
mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/10/msg0...
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.