MGASA-2018-0438 - Updated cimg and gmic packages fix security vulnerabilities
Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0438.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-7587,
CVE-2018-7588,
CVE-2018-7589,
CVE-2018-7637,
CVE-2018-7638,
CVE-2018-7639,
CVE-2018-7640,
CVE-2018-7641
Updated cimg and gmic packages fix security vulnerabilities:
An issue was discovered in CImg v.220. DoS occurs when loading a crafted
bmp image that triggers an allocation failure in load_bmp in CImg.h
(CVE-2018-7587).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h
occurs when loading a crafted bmp image (CVE-2018-7589).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"16 colors" case, aka case 4 (CVE-2018-7637).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"256 colors" case, aka case 8 (CVE-2018-7638).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"16 bits colors" case, aka case 16 (CVE-2018-7639).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
Monochrome case, aka case 1 (CVE-2018-7640).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"32 bits colors" case, aka case 32 (CVE-2018-7641).
References:
- https://bugs.mageia.org/show_bug.cgi?id=23700
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Z4EMB7JFEKIYRFRANRNDD7ZIIZP6T4Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCWBP5ZUZHIZXP7IFUEZIJG7Q3VLJXBV/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7587
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7589
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7638
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7639
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7640
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7641
SRPMS:
- 6/core/cimg-2.4.0-1.mga6
- 6/core/gmic-2.4.0-1.2.mga6
Mageia 2018-0438: cimg and gmic security update
Updated cimg and gmic packages fix security vulnerabilities: An issue was discovered in CImg v.220
Summary
Updated cimg and gmic packages fix security vulnerabilities:
An issue was discovered in CImg v.220. DoS occurs when loading a crafted
bmp image that triggers an allocation failure in load_bmp in CImg.h
(CVE-2018-7587).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h
occurs when loading a crafted bmp image (CVE-2018-7589).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"16 colors" case, aka case 4 (CVE-2018-7637).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"256 colors" case, aka case 8 (CVE-2018-7638).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"16 bits colors" case, aka case 16 (CVE-2018-7639).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
Monochrome case, aka case 1 (CVE-2018-7640).
An issue was discovered in CImg v.220. A heap-based buffer over-read in
load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a
"32 bits colors" case, aka case 32 (CVE-2018-7641).
References
- https://bugs.mageia.org/show_bug.cgi?id=23700
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Z4EMB7JFEKIYRFRANRNDD7ZIIZP6T4Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCWBP5ZUZHIZXP7IFUEZIJG7Q3VLJXBV/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7587
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7588
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7589
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7637
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7638
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7639
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7640
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7641
Resolution
MGASA-2018-0438 - Updated cimg and gmic packages fix security vulnerabilities
SRPMS
- 6/core/cimg-2.4.0-1.mga6
- 6/core/gmic-2.4.0-1.2.mga6
Severity
Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0438.html
Type: security
CVE: CVE-2018-7587,
CVE-2018-7588,
CVE-2018-7589,
CVE-2018-7637,
CVE-2018-7638,
CVE-2018-7639,
CVE-2018-7640,
CVE-2018-7641
News
HOWTOs
About Us
Powered By
