Cimg
CVE-2020-25693
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.
AnalysisAI
A flaw was found in CImg in versions prior to 2.9.3. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. Affected products include: Cimg, Fedoraproject Fedora. Version information: prior to 2.9.3..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. Rate
A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_lo
An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,
An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,
An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,
An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,
An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,
An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,
An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,
An issue was discovered in CImg v.220. Rated high severity (CVSS 7.8), this vulnerability is no authentication required,
A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy heade
CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a
Same weakness CWE-190 – Integer Overflow or Wraparound
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today