CVE-2018-13794

9.8 CRITICAL

📋 TL;DR

A heap-based buffer overflow vulnerability in the stb_image.h library used by catimg allows attackers to execute arbitrary code or cause denial of service. This affects catimg 2.4.0 users who process malicious BMP image files. The vulnerability is in the image parsing component and can be triggered when displaying images.

💻 Affected Systems

Products:
  • catimg
Versions: 2.4.0
Operating Systems: Linux, macOS, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Any system with catimg 2.4.0 installed and processing BMP files is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the catimg process, potentially leading to full system compromise.

🟠 Likely Case: Application crash (denial of service) when processing specially crafted BMP files.

🟢 If Mitigated: Limited impact if catimg runs in a sandboxed environment with minimal privileges.

🌐 Internet-Facing: MEDIUM - Requires user to process malicious files, but catimg is typically used locally.
🏢 Internal Only: MEDIUM - Could be exploited via phishing or malicious files in shared directories.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious BMP file that triggers the buffer overflow.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.5.0 and later

Vendor Advisory: https://github.com/posva/catimg/issues/34

Restart Required: No

Instructions:

1. Update catimg to version 2.5.0 or later using your package manager.
2. For a manual installation, build the fixed tag from source:
   git clone https://github.com/posva/catimg.git
   cd catimg
   git checkout tags/2.5.0
   make
   sudo make install

🔧 Temporary Workarounds

Disable BMP processing (platform: all)
  Modify the catimg source to disable BMP file support: edit stb_image.h to remove the BMP parsing functions.

Use an alternative image viewer (platform: linux)
  Temporarily replace catimg with another terminal image viewer, for example fim:
  sudo apt-get install fim
  sudo yum install fim

🧯 If You Can't Patch

  • Run catimg with reduced privileges using chroot or containerization
  • Implement strict file validation for BMP files before processing with catimg

🔍 How to Verify

Check if Vulnerable:

Run 'catimg --version' and check if output shows 2.4.0

Check Version:

catimg --version

Verify Fix Applied:

After update, run 'catimg --version' and confirm version is 2.5.0 or higher
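The version check above, turned into a small POSIX sh helper. This is an added example and not part of the advisory or the catimg project; it assumes, as the advisory does, that 2.4.0 is the affected release, that 2.5.0 is the first fixed one, and that `catimg --version` prints the version string. Versions the advisory does not list (anything below 2.4.0) are reported as "unlisted" rather than guessed at.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a catimg version string
# against the CVE-2018-13794 ranges stated above.
# Assumptions: affected release is 2.4.0, fix ships in 2.5.0, and
# `catimg --version` prints the version (all taken from the advisory).

AFFECTED_VERSION="2.4.0"
FIXED_VERSION="2.5.0"

# version_ge A B: succeed (exit 0) when dotted version A >= B.
# Compares component by component, so it needs no GNU `sort -V`.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ap="${a%%.*}"; bp="${b%%.*}"
        ap="${ap:-0}"; bp="${bp:-0}"
        [ "$ap" -gt "$bp" ] && return 0
        [ "$ap" -lt "$bp" ] && return 1
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# classify_version STRING: print one of
#   vulnerable  - exactly the affected release 2.4.0
#   fixed       - 2.5.0 or later
#   unlisted    - a version the advisory does not cover (below 2.4.0)
#   unknown     - no dotted version number found in STRING
classify_version() {
    # keep only the first dotted number, e.g. "catimg 2.4.0" -> "2.4.0"
    v=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p')
    if [ -z "$v" ]; then
        echo unknown
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo fixed
    elif version_ge "$v" "$AFFECTED_VERSION"; then
        echo vulnerable
    else
        echo unlisted
    fi
}

# check_installed_catimg: classify the catimg found on PATH, or report
# "not-installed" when there is none.
check_installed_catimg() {
    if command -v catimg >/dev/null 2>&1; then
        classify_version "$(catimg --version 2>&1)"
    else
        echo not-installed
    fi
}

# Stand-alone use: print the verdict for the installed binary.
check_installed_catimg
```

Note that `vulnerable` is only printed for 2.4.0 itself; if you see `unlisted`, the advisory gives no verdict for that release and the safe course is still to move to 2.5.0 or later.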

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors from catimg process
  • Abnormal termination of catimg

Network Indicators:

  • Unusual file downloads followed by catimg execution

SIEM Query:

process_name:"catimg" AND (event_type:"crash" OR exit_code:139)
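The log indicators above (segmentation faults and exit status 139, which is 128 + SIGSEGV) as a concrete, host-level check. This is an added example, not part of the advisory: `run_logged` wraps an invocation so its exit status ends up in a log line, and `flag_crash_lines` picks out the lines a SIEM rule like the one above would match. The log line format and the sample log entries are constructed for the example; the grep patterns are the assumption you would adapt to your own logging.

```shell
#!/bin/sh
# Added example (not from the advisory): record catimg exit statuses and
# scan log lines for the crash indicators listed in the advisory.
# The "<epoch> <label> exit=<rc>" log format is constructed for this
# example; kernel segfault lines are matched on the word "segfault".

LOGFILE="${LOGFILE:-./catimg-run.log}"

# run_logged LABEL CMD [ARGS...]: run CMD, append "<epoch> LABEL exit=<rc>"
# to $LOGFILE and return CMD's exit status. A SIGSEGV shows up as 139.
# Usage: run_logged catimg catimg picture.bmp
run_logged() {
    label="$1"; shift
    "$@" && rc=0 || rc=$?
    printf '%s %s exit=%s\n' "$(date +%s)" "$label" "$rc" >> "$LOGFILE"
    return "$rc"
}

# flag_crash_lines: read log lines on stdin and print those that look like
# a catimg crash: a kernel "segfault" line, a shell "Segmentation fault"
# message, or a wrapper line with exit=139. Lines about other programs
# are ignored even when they report exit=139.
flag_crash_lines() {
    grep -E 'catimg' | grep -Ei 'segfault|segmentation fault|exit=139'
}

# count_crashes FILE: number of crash-looking lines in FILE (0 if none).
count_crashes() {
    flag_crash_lines < "$1" | wc -l | tr -d ' '
}

# Constructed sample log lines (not real captures) for demonstration.
sample_log() {
cat <<'EOF'
1718000000 kernel: catimg[4242]: segfault at 0 ip 000055d0 sp 00007ffd error 4 in catimg[55d0+1000]
1718000001 catimg exit=0
1718000002 catimg exit=139
1718000003 feh exit=139
1718000004 shell: Segmentation fault (core dumped) catimg malformed.bmp
EOF
}

# Stand-alone use: show which of the sample lines would be flagged.
sample_log | flag_crash_lines
```

Three of the five sample lines are flagged; the `feh exit=139` line is not, because the query is scoped to the catimg process just as the SIEM query above is. A single crash is a weak signal on its own, so treat repeated catimg segfaults on the same host, especially right after a file download, as the event worth investigating.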
