Back to search
CVE-2022-1325
Published: Aug 31, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.
| Vendor | Product | Versions |
|---|---|---|
n/a | Clmg | affected Fixed in v3.1.0 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=2074549
x_refsource_MISC
https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/
x_refsource_MISC
https://github.com/GreycLab/CImg/issues/343
x_refsource_MISC
https://github.com/GreycLab/CImg/pull/348
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2022-1325
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now