CVE-2019-1010174

Description

CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.

How to fix CVE-2019-1010174

To remediate CVE-2019-1010174, upgrade the affected package to a fixed version below.

Debian/cimg—upgrade to 2.3.6+dfsg-1 or later

Is CVE-2019-1010174 being exploited?

Moderate — EPSS is 6.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

from 0, < 2.3.6+dfsg-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-1010174