VDB

GCVE-110-MAGEIA-2018-438

GCVE-110-MAGEIA-2018-438
Advisory Published
Vulnetix · Advisory published November 3, 2018
Updated cimg and gmic packages fix security vulnerabilities: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h (CVE-2018-7587). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588). An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7589). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 colors" case, aka case 4 (CVE-2018-7637). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "256 colors" case, aka case 8 (CVE-2018-7638). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 bits colors" case, aka case 16 (CVE-2018-7639). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a Monochrome case, aka case 1 (CVE-2018-7640). An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "32 bits colors" case, aka case 32 (CVE-2018-7641).

Affected Products

VendorProductVersionsPlatforms
Mageiagmic0 (affected), 2.4.0-1.2.mga6 (unaffected)
Mageiacimg0 (affected), 2.4.0-1.mga6 (unaffected)

Browse GCVE Records

73,044 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›