{"id":"MGASA-2018-0438","summary":"Updated cimg and gmic packages fix security vulnerabilities","details":"Updated cimg and gmic packages fix security vulnerabilities:\n\nAn issue was discovered in CImg v.220. DoS occurs when loading a crafted\nbmp image that triggers an allocation failure in load_bmp in CImg.h\n(CVE-2018-7587).\n\nAn issue was discovered in CImg v.220. A heap-based buffer over-read in\nload_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).\n\nAn issue was discovered in CImg v.220. A double free in load_bmp in CImg.h\noccurs when loading a crafted bmp image (CVE-2018-7589).\n\nAn issue was discovered in CImg v.220. A heap-based buffer over-read in\nload_bmp in CImg.h occurs when loading a crafted bmp image. This is in a\n\"16 colors\" case, aka case 4 (CVE-2018-7637).\n\nAn issue was discovered in CImg v.220. A heap-based buffer over-read in\nload_bmp in CImg.h occurs when loading a crafted bmp image. This is in a\n\"256 colors\" case, aka case 8 (CVE-2018-7638).\n\nAn issue was discovered in CImg v.220. A heap-based buffer over-read in\nload_bmp in CImg.h occurs when loading a crafted bmp image. This is in a\n\"16 bits colors\" case, aka case 16 (CVE-2018-7639).\n\nAn issue was discovered in CImg v.220. A heap-based buffer over-read in\nload_bmp in CImg.h occurs when loading a crafted bmp image. This is in a\nMonochrome case, aka case 1 (CVE-2018-7640).\n\nAn issue was discovered in CImg v.220. A heap-based buffer over-read in\nload_bmp in CImg.h occurs when loading a crafted bmp image. This is in a\n\"32 bits colors\" case, aka case 32 (CVE-2018-7641).\n","modified":"2026-04-16T06:22:36.187436630Z","published":"2018-11-03T19:20:21Z","upstream":["CVE-2018-7587","CVE-2018-7588","CVE-2018-7589","CVE-2018-7637","CVE-2018-7638","CVE-2018-7639","CVE-2018-7640","CVE-2018-7641"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0438.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=23700"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6Z4EMB7JFEKIYRFRANRNDD7ZIIZP6T4Z/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OCWBP5ZUZHIZXP7IFUEZIJG7Q3VLJXBV/"}],"affected":[{"package":{"name":"cimg","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/cimg?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.0-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0438.json"}},{"package":{"name":"gmic","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/gmic?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.0-1.2.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0438.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}