CVE-2018-13833
Description
An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack buffer overflow in cmft::rwReadFile allows denial of service via crafted .ktx file.
Vulnerability
A stack-based buffer overflow exists in the cmft::rwReadFile function in image.cpp of cmft through 2017-09-24. The function performs a large fread (up to 49152 bytes) into a fixed-size stack buffer without bounds checking when processing a crafted .ktx file, as demonstrated in [1] and [2].
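The bug class described above, reduced to a generic length-prefixed record, as an added example (not cmft's code and not the KTX layout). The record format, `read_record` and `parse_sample` are hypothetical, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record for this example only: a 4-byte little-endian length
 * followed by that many payload bytes. Not the KTX layout, not cmft code. */
enum { READ_OK = 0, READ_TOO_LARGE = -1, READ_TRUNCATED = -2, SETUP_FAILED = -3 };

/* Unsafe shape (comment only): the length comes from the file and is never
 * compared with the destination size.
 *     uint8_t buf[256]; fread(buf, 1, declared, fp);   // declared = 49152 */

/* Checked read: refuse any declared length larger than the destination. */
static int read_record(FILE *fp, uint8_t *dst, size_t cap, size_t *out_len)
{
    uint8_t hdr[4];
    if (fread(hdr, 1, sizeof hdr, fp) != sizeof hdr)
        return READ_TRUNCATED;
    uint32_t declared = (uint32_t)hdr[0] | ((uint32_t)hdr[1] << 8) |
                        ((uint32_t)hdr[2] << 16) | ((uint32_t)hdr[3] << 24);
    if (declared > cap)
        return READ_TOO_LARGE;      /* reject before anything is written to dst */
    if (fread(dst, 1, declared, fp) != declared)
        return READ_TRUNCATED;      /* file is shorter than it claims */
    *out_len = declared;
    return READ_OK;
}

/* Write a constructed sample record to a temporary file and parse it. */
static int parse_sample(uint32_t declared, size_t payload, size_t *out_len)
{
    uint8_t dst[256];               /* fixed-size stack destination */
    uint8_t hdr[4] = { (uint8_t)declared, (uint8_t)(declared >> 8),
                       (uint8_t)(declared >> 16), (uint8_t)(declared >> 24) };
    FILE *fp = tmpfile();
    if (!fp) return SETUP_FAILED;
    fwrite(hdr, 1, sizeof hdr, fp);
    for (size_t i = 0; i < payload; i++) fputc(0x41, fp);
    rewind(fp);
    int rc = read_record(fp, dst, sizeof dst, out_len);
    fclose(fp);
    return rc;
}

int main(void)
{
    size_t n = 0;
    printf("oversized: %d\n", parse_sample(49152, 49152, &n));
    printf("in-bounds: %d\n", parse_sample(200, 200, &n));
    return 0;
}
```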
Exploitation
An attacker can exploit this by supplying a specially crafted .ktx file (e.g., down-reference.ktx) and invoking the cmftRelease command with --input pointing to that file. No authentication or special privileges are required; the user simply opens the malicious file, triggering the overflow during image loading.
Impact
Successful exploitation causes a stack buffer overflow, leading to an application crash (denial of service). The report also suggests unspecified other impact: the overflow corrupts stack memory and may under certain conditions be leveraged for arbitrary code execution, though no such exploit is detailed in the references.
Mitigation
No fix or patched version has been released as of the publication date (2018-07-10) and the repository appears inactive. Users should avoid processing untrusted .ktx files with cmft. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <= 2017-09-24
Patches
No patches discovered yet.
References
- github.com/dariomanesku/cmft/issues/38 (mitre, x_refsource_MISC)
- github.com/fouzhe/security/tree/master/cmft (mitre, x_refsource_MISC)