Bug 650426 (CVE-2018-7587, CVE-2018-7588, CVE-2018-7589, CVE-2020-7637, CVE-2020-7638, CVE-2020-7639, CVE-2020-7640, CVE-2020-7641) - media-libs/cimg: multiple vulnerabilities (CVE-2018-{7587,7588,7589,7637,7638,7639,7640,7641})
Summary: media-libs/cimg: multiple vulnerabilities (CVE-2018-{7587,7588,7589,7637,7638...
Status: IN_PROGRESS
Alias: CVE-2018-7587, CVE-2018-7588, CVE-2018-7589, CVE-2020-7637, CVE-2020-7638, CVE-2020-7639, CVE-2020-7640, CVE-2020-7641
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~2 [upstream/ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-13 18:23 UTC by GLSAMaker/CVETool Bot
Modified: 2020-07-06 20:28 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2018-03-13 18:23:14 UTC
CVE-2018-7641 (https://nvd.nist.gov/vuln/detail/CVE-2018-7641):
  An issue was discovered in CImg v.220. A heap-based buffer over-read in
  load_bmp in CImg.h occurs when loading a crafted bmp image, a different
  vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka
  case 32.

CVE-2018-7640 (https://nvd.nist.gov/vuln/detail/CVE-2018-7640):
  An issue was discovered in CImg v.220. A heap-based buffer over-read in
  load_bmp in CImg.h occurs when loading a crafted bmp image, a different
  vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.

CVE-2018-7639 (https://nvd.nist.gov/vuln/detail/CVE-2018-7639):
  An issue was discovered in CImg v.220. A heap-based buffer over-read in
  load_bmp in CImg.h occurs when loading a crafted bmp image, a different
  vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka
  case 16.

CVE-2018-7638 (https://nvd.nist.gov/vuln/detail/CVE-2018-7638):
  An issue was discovered in CImg v.220. A heap-based buffer over-read in
  load_bmp in CImg.h occurs when loading a crafted bmp image, a different
  vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case
  8.

CVE-2018-7637 (https://nvd.nist.gov/vuln/detail/CVE-2018-7637):
  An issue was discovered in CImg v.220. A heap-based buffer over-read in
  load_bmp in CImg.h occurs when loading a crafted bmp image, a different
  vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.

CVE-2018-7589 (https://nvd.nist.gov/vuln/detail/CVE-2018-7589):
  An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h
  occurs when loading a crafted bmp image.

CVE-2018-7588 (https://nvd.nist.gov/vuln/detail/CVE-2018-7588):
  An issue was discovered in CImg v.220. A heap-based buffer over-read in
  load_bmp in CImg.h occurs when loading a crafted bmp image.

CVE-2018-7587 (https://nvd.nist.gov/vuln/detail/CVE-2018-7587):
  An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp
  image that triggers an allocation failure in load_bmp in CImg.h.


Package has no stable ebuild.
Comment 1 Sam James archtester gentoo-dev Security 2020-04-22 22:14:29 UTC
@maintainer(s): ping
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2020-04-22 22:15:35 UTC
CVE-2019-13568 (https://nvd.nist.gov/vuln/detail/CVE-2019-13568):
  CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h
  because of erroneous memory allocation for a malformed BMP image.
Comment 3 John Helmert III (ajak) 2020-07-04 19:30:39 UTC
Looks like tree is clean:

commit c01b46bb951938e03cea9d69ace134a45ed45770
Author: Tim Harder <radhermit@gentoo.org>
Date:   Thu Sep 26 21:32:51 2019 -0600

    media-libs/cimg: remove old

    Signed-off-by: Tim Harder <radhermit@gentoo.org>

 delete mode 100644 media-libs/cimg/cimg-2.6.5.ebuild
 delete mode 100644 media-libs/cimg/cimg-2.6.7.ebuild
Comment 4 John Helmert III (ajak) 2020-07-06 20:28:33 UTC
CVE-2018-7588 and CVE-2018-7589 are patched by: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4

CVE-2018-{7637,7638,7639,7640,7641} are patched by: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb

CVE-2019-13568 is patched by: https://github.com/dtschump/CImg/commit/ac8003393569aba51048c9d67e1491559877b1d1

Can't find a patch for CVE-2018-7587, but it was found around the same time as a few of the others (https://github.com/xiaoqx/pocs/tree/master/cimg) so it's likely it's patched.

Not sure if these are all patched in the version we have:

CImg $ git tag --contains=8447076
v.2.2.2
v.2.2.3
v.221
CImg $ git tag --contains=10af1e8
v.2.2.2
v.2.2.3
v.221
CImg $ git tag --contains=ac800339
v.2.7.0
v.2.7.1
v.2.7.2
v.2.7.3
v.2.7.4
v.2.7.5
v.2.8.0
v.2.8.1
v.2.8.2
v.2.8.3
v.2.8.4
v.2.9.0
v.2.9.1
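
An added example, not part of the original comment and not code from CImg or Gentoo: it parses the `git tag --contains` output quoted in Comment 4 and reports, for any tag, which of the fix commits named there git did not list for it. The function names are this example's own, and `git tag --contains` only lists tags whose history includes that exact commit, so a fix carried into a release some other way would not show up.

```python
import re

# Output quoted in Comment 4, rebuilt line for line (13 tags for ac800339).
TRANSCRIPT = "\n".join(
    ["CImg $ git tag --contains=8447076", "v.2.2.2", "v.2.2.3", "v.221",
     "CImg $ git tag --contains=10af1e8", "v.2.2.2", "v.2.2.3", "v.221",
     "CImg $ git tag --contains=ac800339"]
    + ["v.2.7.%d" % i for i in range(6)] + ["v.2.8.%d" % i for i in range(5)]
    + ["v.2.9.0", "v.2.9.1"])

# Fix commit -> CVEs it patches, as stated in Comment 4.
FIXES = {
    "8447076": ["CVE-2018-7588", "CVE-2018-7589"],
    "10af1e8": ["CVE-2018-%d" % n for n in range(7637, 7642)],
    "ac800339": ["CVE-2019-13568"],
}
PROMPT = re.compile(r"^\S+ \$ git tag --contains=([0-9a-f]+)$")

def parse_contains(transcript):
    """Map each queried commit to the set of tags git listed for it."""
    tags_by_commit, current = {}, None
    for line in transcript.splitlines():
        line = line.strip()
        m = PROMPT.match(line)
        if m:
            current = m.group(1)
            tags_by_commit[current] = set()
        elif line and current is not None:
            tags_by_commit[current].add(line)
    return tags_by_commit

def missing_fixes(tag, tags_by_commit):
    """CVEs whose fix commit git did not list as contained in `tag`."""
    return sorted(cve for commit, cves in FIXES.items()
                  if tag not in tags_by_commit.get(commit, set())
                  for cve in cves)

def fully_patched_tags(tags_by_commit):
    """Tags that git listed for every fix commit in FIXES."""
    return sorted(set.intersection(*(tags_by_commit[c] for c in FIXES)))

if __name__ == "__main__":
    tags = parse_contains(TRANSCRIPT)
    print("tags containing all three fix commits:", fully_patched_tags(tags))
    for tag in ("v.2.2.3", "v.2.9.1"):
        print(tag, "not confirmed for:", missing_fixes(tag, tags))
```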