UbuntuUpdates.org

Package "cimg"

Name: cimg

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • powerful image processing library
  • documentation of cimg-dev imaging library
  • examples for cimg-dev imaging library
Latest version: 1.7.9+dfsg-2ubuntu0.18.04.2
Release: bionic (18.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "cimg" in Bionic

Repository Area Version
base universe 1.7.9+dfsg-2build1
security universe 1.7.9+dfsg-2ubuntu0.18.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.7.9+dfsg-2ubuntu0.18.04.2 2021-10-19 17:06:23 UTC

  cimg (1.7.9+dfsg-2ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds Read
    - debian/patches/CVE-2018-7637-7638-7639-7640-7641.patch: Fix other issues
      in 'CImg<T>::load_bmp()'.
    - CVE-2018-7637
    - CVE-2018-7638
    - CVE-2018-7639
    - CVE-2018-7640
    - CVE-2018-7641
  * SECURITY UPDATE: Command Injection
    - debian/patches/CVE-2019-13568.patch: Fix buffer assigning.
    - debian/patches/CVE-2019-1010174.patch: Add string sanitization.
    - CVE-2019-13568
    - CVE-2019-1010174
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/0001-Fix-multiple-heap-buffer-overflows.patch: Fix
      multiple heap buffer overflows.

 -- Paulo Flabiano Smorigo <email address hidden> Thu, 07 Oct 2021 19:11:30 +0000
Source diff to previous version
CVE-2018-7637 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulne
CVE-2018-7638 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulne
CVE-2018-7639 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulne
CVE-2018-7640 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulne
CVE-2018-7641 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulne
CVE-2019-13568 CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.
CVE-2019-1010174 CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attac

Version: 1.7.9+dfsg-2ubuntu0.18.04.1 2019-06-26 20:07:43 UTC

  cimg (1.7.9+dfsg-2ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: a double free in load_bmp in CImg.h can occur when
    loading a crafted bmp image
    - debian/patches/CVE-2018-7589_7588_7587.patch: add additional checks
      for malformed input in load_bmp()
    - CVE-2018-7589
    - CVE-2018-7588
    - CVE-2018-7587

 -- Daniel Wang <email address hidden> Tue, 18 Jun 2019 12:21:31 -0700
CVE-2018-7589 An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7588 An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7587 An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.


About   -   Send Feedback to @ubuntu_updates