Candidate: CVE-2019-1010174
PublicDate: 2019-07-25 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010174
 https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 (v.2.3.4)
 https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146
Description:
 CImg The CImg Library v.2.3.3 and earlier is affected by: command
 injection. The impact is: RCE. The component is: load_network() function.
 The attack vector is: Loading an image from a user-controllable url can
 lead to command injection, because no string sanitization is done on the
 url. The fixed version is: v.2.3.4.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_cimg:
upstream_cimg: released (2.3.6+dfsg-1)
precise/esm_cimg: DNE
trusty_cimg: ignored (out of standard support)
trusty/esm_cimg: DNE
xenial_cimg: ignored (end of standard support, was needed)
bionic_cimg: needed
disco_cimg: not-affected (2.4.5+dfsg-1)
eoan_cimg: not-affected
focal_cimg: not-affected
groovy_cimg: not-affected
hirsute_cimg: not-affected
impish_cimg: not-affected
jammy_cimg: not-affected
devel_cimg: not-affected

Patches_gmic:
upstream_gmic: released (2.3.6+dfsg-1)
precise/esm_gmic: DNE
trusty_gmic: ignored (out of standard support)
trusty/esm_gmic: DNE
xenial_gmic: ignored (end of standard support, was needs-triage)
bionic_gmic: needs-triage
disco_gmic: ignored (reached end-of-life)
eoan_gmic: ignored (reached end-of-life)
focal_gmic: needs-triage
groovy_gmic: ignored (reached end-of-life)
hirsute_gmic: ignored (reached end-of-life)
impish_gmic: needs-triage
jammy_gmic: needs-triage
devel_gmic: needs-triage