Skip to main content

Cimg CVE-2019-13568

HIGH
Out-of-bounds Write (CWE-787)
2019-07-31 cve@mitre.org
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 31, 2019 - 15:15 nvd
HIGH 8.8

DescriptionNVD

CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.

AnalysisAI

CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image. Affected products include: Cimg. Version information: through 2.6.7.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

More in Cimg

View all
CVE-2023-41484 HIGH POC
8.1 Sep 20

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. Rate

CVE-2020-25693 HIGH POC
8.1 Dec 03

A flaw was found in CImg in versions prior to 2.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely expl

CVE-2024-26540 HIGH POC
7.8 Mar 15

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_lo

CVE-2018-7641 HIGH POC
7.8 Mar 02

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,

CVE-2018-7640 HIGH POC
7.8 Mar 02

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,

CVE-2018-7639 HIGH POC
7.8 Mar 02

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,

CVE-2018-7638 HIGH POC
7.8 Mar 02

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,

CVE-2018-7637 HIGH POC
7.8 Mar 02

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,

CVE-2018-7589 HIGH POC
7.8 Mar 01

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,

CVE-2018-7588 HIGH POC
7.8 Mar 01

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,

CVE-2018-7587 HIGH POC
7.8 Mar 01

An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,

CVE-2022-1325 MEDIUM POC
5.5 Aug 31

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy heade

Share

CVE-2019-13568 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy