Bug 939029 (CVE-2023-41484) - media-libs/cimg: memory leak
Summary: media-libs/cimg: memory leak
Status: UNCONFIRMED
Alias: CVE-2023-41484
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://github.com/eddieantonio/imgca...
Whiteboard: ~4 [ebuild/upstream]
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2024-09-04 07:35 UTC by Filip Kobierski
Modified: 2024-09-08 08:45 UTC
Description Filip Kobierski 2024-09-04 07:35:25 UTC
An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file.

I have created a PR fixing this:
https://github.com/gentoo/gentoo/pull/38411
Comment 1 Hans de Graaff gentoo-dev Security 2024-09-08 08:30:49 UTC
I see no references to this issue in the cimg repository. It looks like this was never reported there and we can't be sure if this is fixed somewhere.

Filip: you claim that your PR fixes this, can you explain how this is fixed?