Buffer Allocation Flaw in CImg by GreycLab
CVE-2022-1325

5.5MEDIUM

Key Information:

Vendor

Cimg

Status
Clmg
Vendor
CVE Published:
31 August 2022

What is CVE-2022-1325?

A vulnerability exists in CImg, where specially crafted pandore or bmp files can manipulate the dx and dy header values. This manipulation can result in the application allocating excessively large buffer sizes, potentially up to 64 Gigabytes, during the reading process of the file from either disk or a virtual buffer. This behavior can be exploited by attackers to create denial of service conditions or to potentially execute arbitrary code through unregulated memory allocation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Clmg Fixed in v3.1.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=2074549
x_refsource_MISC
https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc5...
x_refsource_MISC
https://github.com/GreycLab/CImg/issues/343
x_refsource_MISC

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.