Heap-based Buffer Overflow in CImg Product by Dtschump
CVE-2019-13568

8.8HIGH

Key Information:

Vendor

Cimg

Status
Cimg
Vendor
CVE Published:
31 July 2019

What is CVE-2019-13568?

The CImg library, up to and including version 2.6.7, is susceptible to a heap-based buffer overflow that occurs in the _load_bmp function found in CImg.h. This vulnerability is triggered due to inadequate memory allocation when processing a malformed BMP image, potentially allowing attackers to execute arbitrary code or cause a denial of service during image loading. Users of affected versions are urged to update to a patched release to safeguard their applications.

References

http://cimg.eu/
x_refsource_MISC
https://github.com/dtschump/CImg
x_refsource_MISC
https://github.com/dtschump/CImg/commit/ac8003393569aba51...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.