CVE-2019-1010174

Summary

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.

Affected Software

VendorProductVersion RangeStatus
CImgThe CImg Libraryv.2.3.3 and earlier [fixed: v.2.3.4]affected

Weaknesses

  • command injection

ADP Enrichment

CVE Program Container

Additional References

References