
Fedora 29: CImg Security Advisory - Critical DoS Threats Fixed

Fedora, October 5, 2018
The CImg library received a significant update in Fedora, addressing various critical problems such as buffer overflow vulnerabilities and denial-of-service scenarios.
Update to 2.3.6 release

Summary

The CImg Library is an open-source C++ toolkit for image processing. It consists of a single header file, 'CImg.h', providing a minimal set of C++ classes and methods that can be used in your own sources to load/save, process and display images. Very portable, efficient and easy to use, it's a pleasant library for developing image processing algorithms in C++.

Update to 2.3.6 release. Fixes CVE-2018-7587, CVE-2018-7588, CVE-2018-7589, CVE-2018-7637, CVE-2018-7638, CVE-2018-7639, CVE-2018-7640, CVE-2018-7641.

[ 1 ] Bug #1552294 - CVE-2018-7587 CImg: Denial of Service (DoS) via crafted BMP image

https://bugzilla.redhat.com/show_bug.cgi?id=1552294

[ 2 ] Bug #1552296 - CVE-2018-7588 CImg: heap-based buffer over-read via crafted BMP image in load_bmp in CImg.h

https://bugzilla.redhat.com/show_bug.cgi?id=1552296

[ 3 ] Bug #1552299 - CVE-2018-7589 CImg: double free via crafted BMP image in load_bmp in CImg.h

https://bugzilla.redhat.com/show_bug.cgi?id=1552299

[ 4 ] Bug #1552920 - CVE-2018-7637 CImg: heap-based buffer over-read in load_bmp in CImg.h via crafted bmp image (16 colors)

https://bugzilla.redhat.com/show_bug.cgi?id=1552920

[ 5 ] Bug #1552919 - CVE-2018-7638 CImg: heap-based buffer over-read in load_bmp in CImg.h via crafted bmp image (256 colors)

https://bugzilla.redhat.com/show_bug.cgi?id=1552919

[ 6 ] Bug #1552917 - CVE-2018-7639 CImg: heap-based buffer over-read in load_bmp in CImg.h via crafted bmp image (16 bits colors)

https://bugzilla.redhat.com/show_bug.cgi?id=1552917

[ 7 ] Bug #1552918 - CVE-2018-7640 CImg: heap-based buffer over-read in load_bmp in CImg.h via crafted bmp image (monochrome)

https://bugzilla.redhat.com/show_bug.cgi?id=1552918

[ 8 ] Bug #1552916 - CVE-2018-7641 CImg: heap-based buffer over-read in load_bmp in CImg.h via crafted bmp image (32 bits colors)

https://bugzilla.redhat.com/show_bug.cgi?id=1552916

To install this update, run su -c 'dnf upgrade --advisory FEDORA-2018-4c9e9b82d1' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/


Severity: critical

Product: Fedora 29
Version: 2.3.6
Release: 1.fc29
Summary: C++ Template Image Processing Toolkit
