CVE-2021-46389

7.5 HIGH

📋 TL;DR

CVE-2021-46389 is an integer overflow vulnerability in IIPImage High Resolution Streaming Image Server that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed HTTP query parameters. This affects all deployments running IIPImage iipsrv.fcgi prior to commit 882925b295a80ec992063deffc2a3b0d803c3195. Organizations using IIPImage for streaming high-resolution images are at risk.

💻 Affected Systems

Products:
  • IIPImage High Resolution Streaming Image Server
Versions: All versions prior to commit 882925b295a80ec992063deffc2a3b0d803c3195
Operating Systems: Linux, Unix-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the iipsrv.fcgi component specifically. Any deployment using IIPImage for image streaming is vulnerable unless patched.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or installation of persistent backdoors.

🟠 Likely Case: Denial of service causing the IIPImage server to crash, disrupting image streaming services.

🟢 If Mitigated: Limited impact with proper network segmentation and WAF filtering of malformed requests.

🌐 Internet-Facing: HIGH - The vulnerability is exploitable via HTTP requests without authentication, making internet-facing servers prime targets.
🏢 Internal Only: MEDIUM - Internal servers are still vulnerable but have reduced attack surface compared to internet-facing deployments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires sending malformed HTTP query parameters, which is relatively straightforward for attackers with knowledge of the flaw.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 882925b295a80ec992063deffc2a3b0d803c3195 or later

Vendor Advisory: https://github.com/ruven/iipsrv/commit/882925b295a80ec992063deffc2a3b0d803c3195

Restart Required: Yes

Instructions:

1. Pull the latest code from the IIPImage GitHub repository
2. Apply commit 882925b295a80ec992063deffc2a3b0d803c3195 or later
3. Recompile and reinstall iipsrv.fcgi
4. Restart the IIPImage service

🔧 Temporary Workarounds

Web Application Firewall (WAF) Filtering (Platform: all)

Configure WAF rules to block malformed HTTP query parameters targeting IIPImage endpoints

Network Segmentation (Platform: all)

Restrict access to IIPImage servers to only trusted internal networks

🧯 If You Can't Patch

  • Deploy a reverse proxy with request validation to filter malicious queries before they reach IIPImage
  • Implement strict network access controls to limit which systems can communicate with the IIPImage server

🔍 How to Verify

Check if Vulnerable:

Check the git commit of your IIPImage installation. If your checked-out revision does not include commit 882925b295a80ec992063deffc2a3b0d803c3195 (i.e. it predates the fix), you are vulnerable.

Check Version:

cd /path/to/iipsrv && git log --oneline -1

Verify Fix Applied:

Verify that the installed build was produced from a checkout whose git history includes commit 882925b295a80ec992063deffc2a3b0d803c3195 (or a later revision descended from it).

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP query parameters in access logs
  • Server crashes or abnormal termination of iipsrv.fcgi processes
  • Error messages related to integer overflow or memory corruption

Network Indicators:

  • HTTP requests with unusually long or malformed query strings to IIPImage endpoints
  • Multiple rapid requests with varying query parameters

SIEM Query:

source="iipsrv_access.log" AND (uri_path="/iipsrv.fcgi" OR uri_path="/iipsrv") AND query_string MATCHES "[^&]*=[^&]*[^\d\w\-_.~%]"
