PT-2018-3435 · David Tschumperle+1 · Cimg+1
Xiaoqx · Published 2018-03-01 · Updated 2020-11-02 · CVE-2018-7588
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
CImg versions prior to v.220
Description:
The issue is related to a heap-based buffer over-read in the load_bmp function in CImg.h, which occurs when loading a specially crafted bmp image. This can potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations:
For versions prior to v.220, consider disabling the load_bmp function in CImg.h until a patch is available to prevent potential exploitation. Restrict the loading of bmp images from untrusted sources to minimize the risk of exploitation.
Buffer Overflow
Out of bounds Read
Affected products
Cimg
Ubuntu