CVE-2023-1190

Name of the Vulnerable Software and Affected Versions xiaozhuai imageinfo versions up to 3.0.3

Description A buffer overflow issue has been found in the imageinfo.hpp file of the xiaozhuai imageinfo library. This issue is related to the copying of a buffer without checking the size of the input data. The manipulation of this issue can lead to a buffer overflow, which requires local access to exploit. The exploit has been disclosed to the public and may be used, potentially allowing an attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For xiaozhuai imageinfo versions up to 3.0.3, consider updating to a version later than 3.0.3 to resolve the buffer overflow issue. As a temporary workaround, consider restricting access to the imageinfo.hpp file to minimize the risk of exploitation.