PT-2018-18178 · David Tschumperle · Cimg

Xiaoqx · Published 2018-03-02 · Updated 2020-11-02 · CVE-2018-7639

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CImg version 220

Description

A heap-based buffer over-read occurs in the load_bmp function in CImg.h when loading a crafted bmp image, specifically in the "16 bits colors" case.

Recommendations

For version 220, consider avoiding the use of the load_bmp function in CImg.h until a patch is available, or refrain from loading crafted bmp images to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2018-7639
DLA-1934-1
DLA-2421-1
MGASA-2018-0438

Affected Products

Cimg