{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-28T16:34:56.382","vulnerabilities":[{"cve":{"id":"CVE-2022-1325","sourceIdentifier":"secalert@redhat.com","published":"2022-08-31T16:15:09.467","lastModified":"2026-06-17T04:22:13.330","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer."},{"lang":"es","value":"Se ha encontrado un fallo en Clmg, donde con la ayuda de un archivo pandore o bmp maliciosamente diseñado con valores de campo de encabezados dx y dy modificados, es posible engañar a la aplicación para que asigne tamaños de búfer enormes, como 64 Gigabytes, al leer el archivo desde el disco o desde un búfer virtual"}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"vendor":"n/a","product":"Clmg","versions":[{"version":"Fixed in v3.1.0","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cimg:cimg:*:*:*:*:*:*:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"5BC6B9AC-0442-4A13-BE55-DC1B28A0700B"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2022-1325","source":"secalert@redhat.com","tags":["Broken Link"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074549","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/GreycLab/CImg/issues/343","source":"secalert@redhat.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/GreycLab/CImg/pull/348","source":"secalert@redhat.com","tags":["Patch","Third Party Advisory"]},{"url":"https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/","source":"secalert@redhat.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://access.redhat.com/security/cve/CVE-2022-1325","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2074549","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/GreycLab/CImg/issues/343","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/GreycLab/CImg/pull/348","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}