CVE-2019-1010174

9.8CRITICAL

Key Information

Vendor: Cimg
Status: The Cimg Library
Vendor: CVE Published:; 25 July 2019

Badges

👾 Exploit Exists🔴 Public PoC

Summary

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.

Affected Version(s)

The CImg Library = v.2.3.3 and earlier [fixed: v.2.3.4]

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2019-1010174
Created by NketiahGodfred

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
Dec 1, 2024
Vulnerability published.
Jul 25, 2019
Vulnerability Reserved.
Mar 20, 2019

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)