CVE-2023-1190

Опубликовано: 06 мар. 2023

Источник: nvd

CVSS3: 4.8

CVSS3: 7.8

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability.

Ссылки

https://github.com/10cksYiqiyinHangzhouTechnology/imageinfo_poc
Exploit
Third Party Advisory
https://github.com/xiaozhuai/imageinfo/issues/1
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.222362
Permissions Required
Third Party Advisory
https://vuldb.com/?id.222362
Third Party Advisory
https://github.com/10cksYiqiyinHangzhouTechnology/imageinfo_poc
Exploit
Third Party Advisory
https://github.com/xiaozhuai/imageinfo/issues/1
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.222362
Permissions Required
Third Party Advisory
https://vuldb.com/?id.222362
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:imageinfo_project:imageinfo:*:*:*:*:*:*:*:*

Версия до 3.0.3 (включая)

EPSS

Процентиль: 18%

0.00056

Низкий

4.8 Medium

CVSS3

7.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-2pff-393p-j223

CVSS3: 7.8

github

почти 3 года назад

BDU:2023-01876

CVSS3: 7.8

fstec

почти 3 года назад

Уязвимость файла imageinfo.hpp библиотеки imageinfo, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 18%

0.00056

Низкий

4.8 Medium

CVSS3

7.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-120