CVE-2023-40968
Description
Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- hzeller/timg
Patches
Vulnerability mechanics
Root cause
"A heap-buffer-overflow occurs in the `StoreBacking` function when processing image data."
Attack vector
A remote attacker can trigger this vulnerability by providing a specially crafted image file to the timg application. The overflow happens during the image decoding process, specifically when `timg::UnicodeBlockCanvas::Send` is called with incorrect parameters, leading to a crash. The vulnerability is triggered by writing data beyond the allocated buffer boundaries.
Affected code
The vulnerability resides in the `src/unicode-block-canvas.cc` file, specifically within the `StoreBacking` function at line 145. The issue is also present in the `AppendDoubleRow` function at line 305 and `Send` function at line 374 within the same file. The crash occurs during the rendering process initiated by `timg::STBImageSource::SendFrames`.
What the fix does
The patch addresses the heap-buffer-overflow by ensuring that the size calculations for the backing buffer are correct. Specifically, it modifies how the `width` and `height` are used in `StoreBacking` to prevent out-of-bounds writes. This change ensures that the data is written within the allocated memory, thereby mitigating the crash.
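An added illustration of the kind of fix described above, not timg's code and not the actual patch: a hypothetical `BackingStore` class that derives both the buffer size and the copy length from the same validated `width` and `height`. The class and method names are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>
#include <vector>

// Hypothetical stand-in for a canvas that keeps a copy of the last frame.
// BackingStore, Store and PixelCount are illustrative names, not timg's API.
class BackingStore {
public:
    // Overflow-checked width * height (relevant where size_t is 32 bits).
    static bool PixelCount(int width, int height, size_t *out) {
        if (width <= 0 || height <= 0) return false;
        const size_t w = static_cast<size_t>(width);
        const size_t h = static_cast<size_t>(height);
        const size_t max = std::numeric_limits<size_t>::max() / sizeof(uint32_t);
        if (w > max / h) return false;
        *out = w * h;
        return true;
    }

    // Returns false and leaves the stored frame untouched when the
    // dimensions are invalid; never copies more than was allocated.
    bool Store(const uint32_t *pixels, int width, int height) {
        size_t count = 0;
        if (pixels == nullptr || !PixelCount(width, height, &count)) return false;
        // Resize from the SAME dimensions that bound the copy below, so a
        // frame larger than the previous one cannot write past the end.
        if (count != backing_.size()) backing_.assign(count, 0);
        std::memcpy(backing_.data(), pixels, count * sizeof(uint32_t));
        width_ = width;
        height_ = height;
        return true;
    }

    size_t size() const { return backing_.size(); }
    int width() const { return width_; }
    int height() const { return height_; }
    uint32_t at(size_t i) const { return backing_.at(i); }

private:
    std::vector<uint32_t> backing_;
    int width_ = 0;
    int height_ = 0;
};
```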
Preconditions
- input: A specially crafted image file that triggers the buffer overflow.
Generated on Jun 6, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.