NVD Vulnerability Detail

CVE-2020-25693

Summary	A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity.
Publication Date	Dec. 4, 2020, 2:15 a.m.
Registration Date	Jan. 26, 2021, 11:55 a.m.
Last Update	Nov. 21, 2024, 2:18 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:cimg:cimg::::::::					2.9.3

Related information, measures and tools

No	URL	タグ
1	https://bugzilla.redhat.com/show_bug.cgi?id=1893377	Exploit Issue Tracking Patch Third Party Advisory
2	https://bugzilla.redhat.com/show_bug.cgi?id=1893377	Exploit Issue Tracking Patch Third Party Advisory
3	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERBZALTF7LXN2LZLPGAUSVMV53GHHTUC/
4	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERBZALTF7LXN2LZLPGAUSVMV53GHHTUC/
5	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MJ5Q7NNUPXATTBUKHFKIYYAV5GJDYCZL/
6	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MJ5Q7NNUPXATTBUKHFKIYYAV5GJDYCZL/
7	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZ3NPLYXZWEL7HETIFZVCXEZZ2WYYRWA/
8	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZ3NPLYXZWEL7HETIFZVCXEZZ2WYYRWA/

Common Vulnerabilities List

JVN Vulnerability Information

CImg における整数オーバーフローの脆弱性

Title	CImg における整数オーバーフローの脆弱性
Summary	CImg には、整数オーバーフローの脆弱性、および境界外書き込みに関する脆弱性が存在します。
Possible impacts	情報を取得される、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 22, 2020, midnight
Registration Date	July 14, 2021, 4:42 p.m.
Last Update	July 14, 2021, 4:42 p.m.

Affected System

Fedora Project

Fedora

David Tschumperle

CImg 2.9.3 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-25693	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25693
National Vulnerability Database (NVD)
2	CVE-2020-25693	https://nvd.nist.gov/vuln/detail/CVE-2020-25693

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-190	https://cwe.mitre.org/data/definitions/190.html
2	CWE-787	https://cwe.mitre.org/data/definitions/787.html

ベンダー情報

No	Name	URL
Fedora Update Notification
1	FEDORA-2021-2aaba884af	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ERBZALTF7LXN2LZLPGAUSVMV53GHHTUC/
2	FEDORA-2021-bc6585e31a	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZ3NPLYXZWEL7HETIFZVCXEZZ2WYYRWA/
3	FEDORA-2021-ca1151e997	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MJ5Q7NNUPXATTBUKHFKIYYAV5GJDYCZL/
GitHub
4	dtschump/CImg	https://github.com/dtschump/CImg
5	Fix multiple heap buffer overflows #295	https://github.com/dtschump/CImg/pull/295/commits/4f184f89f9ab6785a6c90fd238dbaa6d901d3505

その他

No	Name	URL
関連文書
1	Bug 1893377 (CVE-2020-25693) - CVE-2020-25693 CImg: multiple integer overflows leading to heap-based buffer-overflows	https://bugzilla.redhat.com/show_bug.cgi?id=1893377

Change Log

No	Changed Details	Date of change
1	[2021年07月14日] 掲載	July 14, 2021, 4:42 p.m.