Advisories » MGASA-2018-0438

Updated cimg and gmic packages fix security vulnerabilities

Publication date: 03 Nov 2018
Modification date: 03 Nov 2018
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-7587, CVE-2018-7588, CVE-2018-7589, CVE-2018-7637, CVE-2018-7638, CVE-2018-7639, CVE-2018-7640, CVE-2018-7641

Description

Updated cimg and gmic packages fix security vulnerabilities:

An issue was discovered in CImg v.220. DoS occurs when loading a crafted
bmp image that triggers an allocation failure in load_bmp in CImg.h
(CVE-2018-7587).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).

An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h
occurs when loading a crafted bmp image (CVE-2018-7589).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"16 colors" case, aka case 4 (CVE-2018-7637).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"256 colors" case, aka case 8 (CVE-2018-7638).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"16 bits colors" case, aka case 16 (CVE-2018-7639).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
Monochrome case, aka case 1 (CVE-2018-7640).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"32 bits colors" case, aka case 32 (CVE-2018-7641).
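
For applications that must accept untrusted BMP files, the following added example (not code from CImg, G'MIC or this update, and not the upstream fix) shows a pre-decode check that rejects headers promising more pixel data than the buffer holds, or dimensions large enough to force a huge allocation. The name bmp_precheck, its return codes and the BMP_MAX_PIXELS cap are assumptions; only uncompressed files are handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BMP_MAX_PIXELS (64u * 1024u * 1024u) /* assumed policy cap, not a BMP limit */

static uint32_t rd32(const uint8_t *p) {      /* little-endian 32-bit read */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 when the pixel data promised by the header lies inside buf[0..len),
 * otherwise a negative code for the first failed check. BI_RGB files only. */
int bmp_precheck(const uint8_t *buf, size_t len) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return -1; /* 14 + 40 header bytes */
    uint32_t data_off = rd32(buf + 10);       /* offset of the pixel array */
    uint32_t hdr_size = rd32(buf + 14);
    int32_t w = (int32_t)rd32(buf + 18);
    int32_t h = (int32_t)rd32(buf + 22);      /* negative means top-down rows */
    unsigned bpp = buf[28] | (unsigned)buf[29] << 8;

    if (hdr_size < 40) return -2;
    if (rd32(buf + 30) != 0) return -3;       /* compressed data is out of scope here */
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -4;
    if (w <= 0 || h == 0) return -5;
    uint64_t rows = (uint64_t)(h < 0 ? -(int64_t)h : (int64_t)h);
    if ((uint64_t)w * rows > BMP_MAX_PIXELS) return -6;       /* refuse before allocating */
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4;    /* rows are padded to 4 bytes */
    if (data_off < 14 + (uint64_t)hdr_size || data_off > len) return -7;
    if (stride * rows > len - data_off) return -8;            /* decode would over-read */
    return 0;
}

int main(void) {
    /* Constructed sample: header claims 4096x2 at 8 bpp but only 8 pixel bytes follow. */
    uint8_t img[54 + 8] = {0};
    img[0] = 'B'; img[1] = 'M'; img[10] = 54; img[14] = 40;
    img[19] = 0x10; img[22] = 2; img[26] = 1; img[28] = 8;
    printf("precheck: %d\n", bmp_precheck(img, sizeof img));
    return 0;
}
```

The check covers the pixel array only; palette bounds for the 1, 4 and 8 bit cases need a separate test in the decoder.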

References

SRPMS

6/core