1 results (0.007 seconds)
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1010174
https://notcve.org/view.php?id=CVE-2019-1010174
CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4. • https://framagit.org/dtschump/CImg/commit/5ce7a426b77f814973e56182a0e76a2b04904146 https://lists.debian.org/debian-lts-announce/2019/09/msg00030.html https://lists.debian.org/debian-lts-announce/2020/10/msg00033.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •