CVE-2022-1325

EPSS 0.4% · CWE-400
Vexday Risk Score: 3 (Low)
SSVC decision (CISA): Track
No exploitation signal → monitor
CVSS · EPSS 0.4% · KEV: no · PoC · Nuclei · Metasploit · Patch
Lifecycle
31 Aug 2022: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.
Affected products
n/a · Clmg