← volver
CVE-2019-1010174

CVE-2019-1010174

EPSS 4.9%
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.
Productos afectados
CImg · The CImg Library

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146https://lists.debian.org/debian-lts-announce/2019/09/msg00030.htmlhttps://lists.debian.org/debian-lts-announce/2020/10/msg00033.html