Updated cimg and gmic packages fix security vulnerabilities
Publication date: 03 Nov 2018Modification date: 03 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-7587 , CVE-2018-7588 , CVE-2018-7589 , CVE-2018-7637 , CVE-2018-7638 , CVE-2018-7639 , CVE-2018-7640 , CVE-2018-7641
Description
Updated cimg and gmic packages fix security vulnerabilities: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h (CVE-2018-7587). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588). An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7589). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 colors" case, aka case 4 (CVE-2018-7637). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "256 colors" case, aka case 8 (CVE-2018-7638). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 bits colors" case, aka case 16 (CVE-2018-7639). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a Monochrome case, aka case 1 (CVE-2018-7640). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "32 bits colors" case, aka case 32 (CVE-2018-7641).
References
- https://bugs.mageia.org/show_bug.cgi?id=23700
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Z4EMB7JFEKIYRFRANRNDD7ZIIZP6T4Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCWBP5ZUZHIZXP7IFUEZIJG7Q3VLJXBV/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7587
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7589
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7638
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7639
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7640
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7641
SRPMS
6/core
- cimg-2.4.0-1.mga6
- gmic-2.4.0-1.2.mga6