Mageia 2018-0438: cimg and gmic security update

MGASA-2018-0438 - Updated cimg and gmic packages fix security vulnerabilities

Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0438.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-7587,
     CVE-2018-7588,
     CVE-2018-7589,
     CVE-2018-7637,
     CVE-2018-7638,
     CVE-2018-7639,
     CVE-2018-7640,
     CVE-2018-7641

Updated cimg and gmic packages fix security vulnerabilities:

An issue was discovered in CImg v.220. DoS occurs when loading a crafted
bmp image that triggers an allocation failure in load_bmp in CImg.h
(CVE-2018-7587).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).

An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h
occurs when loading a crafted bmp image (CVE-2018-7589).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"16 colors" case, aka case 4 (CVE-2018-7637).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"256 colors" case, aka case 8 (CVE-2018-7638).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"16 bits colors" case, aka case 16 (CVE-2018-7639).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
Monochrome case, aka case 1 (CVE-2018-7640).

An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"32 bits colors" case, aka case 32 (CVE-2018-7641).

References:
- https://bugs.mageia.org/show_bug.cgi?id=23700
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Z4EMB7JFEKIYRFRANRNDD7ZIIZP6T4Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCWBP5ZUZHIZXP7IFUEZIJG7Q3VLJXBV/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7587
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7589
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7638
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7639
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7640
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7641

SRPMS:
- 6/core/cimg-2.4.0-1.mga6
- 6/core/gmic-2.4.0-1.2.mga6
Get the Latest News & Insights
Mageia 2018-0438: cimg and gmic security update

Summary

References

Resolution

SRPMS

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By
