VDB

CVE-2019-1010174

CVE-2019-1010174 PUBLISHED

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.

EPSS 6.44% · 91.2th percentile

Risk Scores

EPSS Score
6.44%
91.2th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSgmic0, 1.6.8-3, 1.6.2.0-1build2
Ubuntu:18.04:LTSgmic1.7.9+zart-4build1, 0, 1.7.9+zart-4build2
Ubuntu:Pro:18.04:LTScimg1.7.9+dfsg-2ubuntu0.18.04.1, 1.7.9+dfsg-2ubuntu0.18.04.2, 1.7.9+dfsg-2ubuntu0.18.04.2+esm1
Ubuntu:20.04:LTSgmic0, 2.4.5-1, 2.4.5-1.1
Ubuntu:16.04:LTScimg0, 1.6.5+dfsg-1, *
Ubuntu:22.04:LTSgmic2.9.4-4build1, 2.9.4-4, 0

Exploit Intelligence

…and 5 more exploits

Timeline

  • Jul 25, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 5, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • May 13, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›