CVE-2018-7641 (https://nvd.nist.gov/vuln/detail/CVE-2018-7641): An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.

CVE-2018-7640 (https://nvd.nist.gov/vuln/detail/CVE-2018-7640): An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.

CVE-2018-7639 (https://nvd.nist.gov/vuln/detail/CVE-2018-7639): An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.

CVE-2018-7638 (https://nvd.nist.gov/vuln/detail/CVE-2018-7638): An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.

CVE-2018-7637 (https://nvd.nist.gov/vuln/detail/CVE-2018-7637): An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.

CVE-2018-7589 (https://nvd.nist.gov/vuln/detail/CVE-2018-7589): An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.

CVE-2018-7588 (https://nvd.nist.gov/vuln/detail/CVE-2018-7588): An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.

CVE-2018-7587 (https://nvd.nist.gov/vuln/detail/CVE-2018-7587): An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Package has no stable ebuild.
@maintainer(s): ping
CVE-2019-13568 (https://nvd.nist.gov/vuln/detail/CVE-2019-13568): CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.
Looks like tree is clean:

commit c01b46bb951938e03cea9d69ace134a45ed45770
Author: Tim Harder <radhermit@gentoo.org>
Date:   Thu Sep 26 21:32:51 2019 -0600

    media-libs/cimg: remove old

    Signed-off-by: Tim Harder <radhermit@gentoo.org>

 delete mode 100644 media-libs/cimg/cimg-2.6.5.ebuild
 delete mode 100644 media-libs/cimg/cimg-2.6.7.ebuild
CVE-2018-7588 and CVE-2018-7589 are patched by:
https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4

CVE-2018-{7637,7638,7639,7640,7641} are patched by:
https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb

CVE-2019-13568 is patched by:
https://github.com/dtschump/CImg/commit/ac8003393569aba51048c9d67e1491559877b1d1

Can't find a patch for CVE-2018-7587, but it was found around the same time as a few of the others (https://github.com/xiaoqx/pocs/tree/master/cimg) so it's likely it's patched.

Not sure if these are all patched in the version we have:

CImg $ git tag --contains=8447076
v.2.2.2
v.2.2.3
v.221

CImg $ git tag --contains=10af1e8
v.2.2.2
v.2.2.3
v.221

CImg $ git tag --contains=ac800339
v.2.7.0
v.2.7.1
v.2.7.2
v.2.7.3
v.2.7.4
v.2.7.5
v.2.8.0
v.2.8.1
v.2.8.2
v.2.8.3
v.2.8.4
v.2.9.0
v.2.9.1
* CVE-2020-25693

Description: "A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity."

RH bug: https://bugzilla.redhat.com/show_bug.cgi?id=1893377

"...because the above calculations are used in allocation of heap memory, the flaw can lead to arbitrary heap memory write in subsequent code when specially crafted input is provided to CImg. It is more likely to occur on platforms where the `size_t` type is 32-bit."
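The allocation-size overflow the RH bug describes, as an added example that is neither CImg's code nor anything from the Gentoo package: a PNM-style width*height*channels product computed unchecked, on a modelled 32-bit size_t so the wrap reproduces on a 64-bit host, next to a checked version that rejects the header before it reaches malloc(). The type and function names (img_dims, alloc_size_t, naive_pixel_bytes, checked_pixel_bytes) and the header values are assumptions constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Model the 32-bit size_t platform the advisory singles out, so the wrap
   is reproducible on a 64-bit host. Constructed for this example. */
typedef uint32_t alloc_size_t;
#define ALLOC_SIZE_MAX UINT32_MAX

/* Header fields as a PNM-style loader would parse them from the file
   (hypothetical names; not CImg's own structures). */
typedef struct { uint64_t width, height, channels; } img_dims;

/* Unchecked computation: the pattern behind the CVE class. Every multiply
   is done in alloc_size_t, so large header values silently wrap, the loader
   mallocs a tiny buffer and later writes a full-size image into it. */
alloc_size_t naive_pixel_bytes(img_dims d) {
    return (alloc_size_t)d.width * (alloc_size_t)d.height *
           (alloc_size_t)d.channels;
}

/* Checked computation: rejects any dimension set whose product would not
   fit in the allocation size type. Returns true and sets *out on success. */
bool checked_pixel_bytes(img_dims d, alloc_size_t *out) {
    if (d.width == 0 || d.height == 0 || d.channels == 0) return false;
    if (d.width > ALLOC_SIZE_MAX || d.height > ALLOC_SIZE_MAX ||
        d.channels > ALLOC_SIZE_MAX) return false;
    alloc_size_t w = (alloc_size_t)d.width, h = (alloc_size_t)d.height,
                 c = (alloc_size_t)d.channels;
    if (w > ALLOC_SIZE_MAX / h) return false;   /* w*h would wrap */
    alloc_size_t wh = w * h;
    if (wh > ALLOC_SIZE_MAX / c) return false;  /* w*h*c would wrap */
    *out = wh * c;
    return true;
}

/* Convenience wrapper: the checked byte count, or 0 if the header is rejected. */
alloc_size_t checked_pixel_bytes_or_zero(img_dims d) {
    alloc_size_t n = 0;
    return checked_pixel_bytes(d, &n) ? n : 0;
}

int main(void) {
    /* Constructed header: 65536 x 65537 x 1 = 4295032832 bytes, which does
       not fit in 32 bits and wraps to 65536 in the naive version. */
    img_dims crafted = { 65536, 65537, 1 }, sane = { 640, 480, 3 };
    printf("naive:   %u bytes\n", naive_pixel_bytes(crafted));
    printf("checked: %u bytes (0 = header rejected)\n", checked_pixel_bytes_or_zero(crafted));
    printf("sane:    %u bytes\n", checked_pixel_bytes_or_zero(sane));
    return 0;
}
```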
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5b3bafccd8614098028fbff39944f99b3e969d2

commit f5b3bafccd8614098028fbff39944f99b3e969d2
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-12-18 02:36:09 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-12-26 22:11:15 +0000

    media-libs/cimg: security bump to 2.9.3

    Bug: https://bugs.gentoo.org/650426
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/18700
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/cimg/Manifest          |  1 +
 media-libs/cimg/cimg-2.9.3.ebuild | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
Package just installs some header and has no consumers? I'm confused. Anyway.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09a6fb8b50373f845d43c3ca668f937e629bd3b1

commit 09a6fb8b50373f845d43c3ca668f937e629bd3b1
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-12-26 22:13:03 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-12-26 22:13:03 +0000

    media-libs/cimg: Security cleanup

    Bug: https://bugs.gentoo.org/650426
    Package-Manager: Portage-3.0.12, Repoman-3.0.2
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-libs/cimg/Manifest          |  2 --
 media-libs/cimg/cimg-2.9.0.ebuild | 26 --------------------------
 media-libs/cimg/cimg-2.9.1.ebuild | 26 --------------------------
 3 files changed, 54 deletions(-)
Thanks asturm, all done.