
Mageia 6: 2018-0438 Moderate: cimg and gmic Buffer Overflow DoS

November 3, 2018
The updated cimg and gmic packages for Mageia address several security vulnerabilities that affect image manipulation functions.

Summary

Updated cimg and gmic packages fix security vulnerabilities:
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h (CVE-2018-7587).
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).
An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7589).
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 colors" case, aka case 4 (CVE-2018-7637).
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "256 colors" case, aka case 8 (CVE-2018-7638).
An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a cr...


References

- https://bugs.mageia.org/show_bug.cgi?id=23700

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Z4EMB7JFEKIYRFRANRNDD7ZIIZP6T4Z/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCWBP5ZUZHIZXP7IFUEZIJG7Q3VLJXBV/

- https://www.cve.org/CVERecord?id=CVE-2018-7587

- https://www.cve.org/CVERecord?id=CVE-2018-7588

- https://www.cve.org/CVERecord?id=CVE-2018-7589

- https://www.cve.org/CVERecord?id=CVE-2018-7637

- https://www.cve.org/CVERecord?id=CVE-2018-7638

- https://www.cve.org/CVERecord?id=CVE-2018-7639

- https://www.cve.org/CVERecord?id=CVE-2018-7640

- https://www.cve.org/CVERecord?id=CVE-2018-7641

Resolution

SRPMS

- 6/core/cimg-2.4.0-1.mga6

- 6/core/gmic-2.4.0-1.2.mga6

Publication date: 03 Nov 2018
URL: https://advisories.mageia.org/MGASA-2018-0438.html
Type: security
CVE: CVE-2018-7587, CVE-2018-7588, CVE-2018-7589, CVE-2018-7637, CVE-2018-7638, CVE-2018-7639, CVE-2018-7640, CVE-2018-7641
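
To check a package inventory against the fixed builds listed under Resolution, the following added example (not part of the Mageia advisory) compares name-version-release strings using a simplified form of RPM's version ordering. It assumes the installed package name matches the source package name, ignores epochs and the `~`/`^` operators, and expects input such as the output of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`; the sample inventory is constructed.

```python
import re

# Fixed source-package builds listed in this advisory's Resolution section.
FIXED = {"cimg": ("2.4.0", "1.mga6"), "gmic": ("2.4.0", "1.2.mga6")}

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp: returns -1, 0 or 1. No '~' or '^' handling."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            # A numeric segment is always newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    """'gmic-2.4.0-1.2.mga6' -> ('gmic', '2.4.0', '1.2.mga6')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_fixed(nvr):
    """True/False if the package is covered by the advisory, None otherwise."""
    name, version, release = split_nvr(nvr)
    if name not in FIXED:
        return None
    fixed_version, fixed_release = FIXED[name]
    # Version decides first; release only breaks a tie.
    c = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return c >= 0

def audit(nvrs):
    """Return the NVRs that are older than the fixed builds."""
    return [n for n in nvrs if is_fixed(n) is False]

# Constructed sample inventory (illustrative values, not real host data).
SAMPLE = ["cimg-2.4.0-1.mga6", "gmic-2.4.0-1.mga6",
          "gmic-2.0.4-1.mga6", "bash-4.3-48.3.mga6"]

if __name__ == "__main__":
    for nvr in audit(SAMPLE):
        print("needs update:", nvr)
```

The release comparison matters here: `1.mga6` sorts below `1.2.mga6`, so a gmic build at version 2.4.0 with the earlier release is still reported as needing the update.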
