CVE-2022-1325 - Vulnerability Details - OpenCVE

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00078.

Key SSVC decision points have not yet been added.

Vendors	Products
Cimg	Cimg

Configuration 1 [-]

cpe:2.3:a:cimg:cimg:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-24653	A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.
Ubuntu USN	USN-7437-1	CImg library vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://access.redhat.com/security/cve/CVE-2022-1325
https://bugzilla.redhat.com/show_bug.cgi?id=2074549
https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90
https://github.com/GreycLab/CImg/issues/343
https://github.com/GreycLab/CImg/pull/348
https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/

History

Tue, 15 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00026}`	epss `{'score': 0.00019}`

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-08-31T15:33:00

Updated: 2024-08-03T00:03:05.399Z

Reserved: 2022-04-12T00:00:00

Link: CVE-2022-1325

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-31T16:15:09.467

Modified: 2024-11-21T06:40:29.583

Link: CVE-2022-1325

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Clmg", "vendor": "n/a", "versions": [{"status": "affected", "version": "Fixed in v3.1.0"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400 - Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-31T15:33:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"}, {"tags": ["x_refsource_MISC"], "url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GreycLab/CImg/issues/343"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GreycLab/CImg/pull/348"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/cve/CVE-2022-1325"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:03:05.399Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GreycLab/CImg/issues/343"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GreycLab/CImg/pull/348"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/cve/CVE-2022-1325"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-1325", "datePublished": "2022-08-31T15:33:00", "dateReserved": "2022-04-12T00:00:00", "dateUpdated": "2024-08-03T00:03:05.399Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cimg:cimg:*:*:*:*:*:*:*:*", "matchCriteriaId": "5BC6B9AC-0442-4A13-BE55-DC1B28A0700B", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer."}, {"lang": "es", "value": "Se ha encontrado un fallo en Clmg, donde con la ayuda de un archivo pandore o bmp maliciosamente dise\u00f1ado con valores de campo de encabezados dx y dy modificados, es posible enga\u00f1ar a la aplicaci\u00f3n para que asigne tama\u00f1os de b\u00fafer enormes, como 64 Gigabytes, al leer el archivo desde el disco o desde un b\u00fafer virtual"}], "id": "CVE-2022-1325", "lastModified": "2024-11-21T06:40:29.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-31T16:15:09.467", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://access.redhat.com/security/cve/CVE-2022-1325"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/issues/343"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/pull/348"}, {"source": "secalert@redhat.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://access.redhat.com/security/cve/CVE-2022-1325"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074549"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/issues/343"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/GreycLab/CImg/pull/348"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-770"}], "source": "nvd@nist.gov", "type": "Primary"}]}