CVE-2022-1325 - OpenCVE

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cimg	Cimg

Configuration 1 [-]

cpe:2.3:a:cimg:cimg:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2022-1325
https://bugzilla.redhat.com/show_bug.cgi?id=2074549
https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90
https://github.com/GreycLab/CImg/issues/343
https://github.com/GreycLab/CImg/pull/348
https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-31T15:33:00

Updated: 2024-08-03T00:03:05.399Z

Reserved: 2022-04-12T00:00:00

Link: CVE-2022-1325

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-31T16:15:09.467

Modified: 2022-09-07T16:23:06.993

Link: CVE-2022-1325

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Clmg", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in v3.1.0"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 - Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-31T15:33:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"}, {"tags": ["x_refsource_MISC"], "url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GreycLab/CImg/issues/343"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GreycLab/CImg/pull/348"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-1325"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:03:05.399Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GreycLab/CImg/issues/343"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GreycLab/CImg/pull/348"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-1325"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1325", "datePublished": "2022-08-31T15:33:00", "dateReserved": "2022-04-12T00:00:00", "dateUpdated": "2024-08-03T00:03:05.399Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cimg:cimg:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BC6B9AC-0442-4A13-BE55-DC1B28A0700B", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer."}, {"lang": "es", "value": "Se ha encontrado un fallo en Clmg, donde con la ayuda de un archivo pandore o bmp maliciosamente dise\u00f1ado con valores de campo de encabezados dx y dy modificados, es posible enga\u00f1ar a la aplicaci\u00f3n para que asigne tama\u00f1os de b\u00fafer enormes, como 64 Gigabytes, al leer el archivo desde el disco o desde un b\u00fafer virtual"}], "id": "CVE-2022-1325", "lastModified": "2022-09-07T16:23:06.993", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-31T16:15:09.467", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://access.redhat.com/security/cve/CVE-2022-1325"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/issues/343"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/pull/348"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}]}