UBUNTU-CVE-2022-1325

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-1325

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-1325.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-1325

Related

Published

2022-08-31T16:15:00Z

Modified

2025-06-03T17:38:39Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.

References

Affected packages

Ubuntu:Pro:16.04:LTS / cimg

Package

Name: cimg
Purl: pkg:deb/ubuntu/cimg@1.6.5+dfsg-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.4+dfsg-1build1

1.6.5+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / cimg

Package

Name: cimg
Purl: pkg:deb/ubuntu/cimg@1.7.9+dfsg-2ubuntu0.18.04.2+esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.7.9+dfsg-2

1.7.9+dfsg-2build1

1.7.9+dfsg-2ubuntu0.18.04.1

1.7.9+dfsg-2ubuntu0.18.04.2

1.7.9+dfsg-2ubuntu0.18.04.2+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / cimg

Package

Name: cimg
Purl: pkg:deb/ubuntu/cimg@2.4.5+dfsg-1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.4.5+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / cimg

Package

Name: cimg
Purl: pkg:deb/ubuntu/cimg@2.9.4+dfsg-3?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.9.4+dfsg-2

2.9.4+dfsg-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:22.04:LTS / cimg

Package

Name: cimg
Purl: pkg:deb/ubuntu/cimg@2.9.4+dfsg-3ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.9.4+dfsg-3ubuntu0.1~esm1

Affected versions

2.*

2.9.4+dfsg-2

2.9.4+dfsg-3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "2.9.4+dfsg-3ubuntu0.1~esm1",
            "binary_name": "cimg-dev"
        },
        {
            "binary_version": "2.9.4+dfsg-3ubuntu0.1~esm1",
            "binary_name": "cimg-doc"
        },
        {
            "binary_version": "2.9.4+dfsg-3ubuntu0.1~esm1",
            "binary_name": "cimg-examples"
        }
    ]
}