CVE-2022-1325
PUBLISHED
CVSS 5.5 MEDIUM
A flaw was found in CImg: a maliciously crafted pandore or bmp file with modified dx and dy header field values can trick the application into allocating huge buffers, such as 64 gigabytes, when the file is read from disk or from a virtual buffer.
EPSS 0.03% · 7.9th percentile
Risk Scores
CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS Score
0.03%
7.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cimg | cimg | 0 |
| n/a | CImg | Fixed in v3.1.0 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=2074549 (nist-nvd)
- https://github.com/GreycLab/CImg/issues/343 (nist-nvd)
- https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/ (nist-nvd)
- https://github.com/GreycLab/CImg/pull/348 (circl)
- https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90 (circl)
- https://access.redhat.com/security/cve/CVE-2022-1325 (circl)
Timeline
- Aug 31, 2022 CVE Published
- Sep 1, 2022 EPSS Score
- Sep 7, 2022 CVE Updated
- Oct 16, 2022 EPSS Score
- Dec 1, 2022 EPSS Score
- Dec 30, 2022 EPSS Score
- Jan 15, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 16, 2023 EPSS Score
- May 31, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://bugzilla.redhat.com/show_bug.cgi?id=2074549 url
- https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/ url
- https://github.com/GreycLab/CImg/issues/343 url
- https://github.com/GreycLab/CImg/pull/348 url
- https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90 url
- https://access.redhat.com/security/cve/CVE-2022-1325 url
- https://nvd.nist.gov/vuln/detail/CVE-2022-1325 advisory