Integer Overflow Vulnerability in CImg Affected by Flawed File Processing
CVE-2020-25693

8.1 HIGH

Key Information:

Vendor: Cimg

CVE Published: 3 December 2020

What is CVE-2020-25693?

A vulnerability exists in CImg prior to version 2.9.3, where integer overflows in the load_pnm() function can lead to heap buffer overflows when processing specially crafted input files. This may result in application instability and potential data integrity issues.

Affected Version(s)

CImg: versions before 2.9.3

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
