Buffer Allocation Flaw in CImg by GreycLab
CVE-2022-1325

5.5MEDIUM

Key Information:

Vendor: Cimg
Status: Clmg
Vendor: CVE Published:; 31 August 2022

What is CVE-2022-1325?

A vulnerability exists in CImg, where specially crafted pandore or bmp files can manipulate the dx and dy header values. This manipulation can result in the application allocating excessively large buffer sizes, potentially up to 64 Gigabytes, during the reading process of the file from either disk or a virtual buffer. This behavior can be exploited by attackers to create denial of service conditions or to potentially execute arbitrary code through unregulated memory allocation.

Affected Version(s)

Clmg Fixed in v3.1.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=2074549

x_refsource_MISC

https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc5...

x_refsource_MISC

https://github.com/GreycLab/CImg/issues/343

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2022
Vulnerability Reserved
Apr 12, 2022

Cimg

What is CVE-2022-1325?

Affected Version(s)

References

CVSS V3.1

Timeline