2020-10-22 09:01:14 |
Kai Dietrich |
bug |
|
|
added bug |
2020-10-22 09:07:41 |
Kai Dietrich |
bug task added |
|
gmic (Ubuntu) |
|
2020-10-22 10:00:59 |
Kai Dietrich |
summary |
Multiple heap buffer overflows by integer overflow |
Multiple heap buffer overflows cause by integer overflow |
|
2020-10-22 10:01:07 |
Kai Dietrich |
summary |
Multiple heap buffer overflows cause by integer overflow |
Multiple heap buffer overflows caused by integer overflow |
|
2020-10-22 10:01:22 |
Kai Dietrich |
summary |
Multiple heap buffer overflows caused by integer overflow |
Multiple heap buffer overflows caused by int overflow |
|
2020-10-22 10:04:32 |
Kai Dietrich |
description |
The CImg library uses an unsafe pattern to calculate memory allocations size. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file parsers in CImg.
The most prominent user of CImg is gmic.
The issue is public and fixed in:
https://github.com/dtschump/CImg/pull/295 |
The CImg library uses an unsafe pattern to calculate memory allocations size. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file format parsers in CImg.
The most prominent user of CImg is gmic.
The gmic commandline tool directly exposes the load_pnm() functions (and also the other file format load functions) to the user and thus is affected.
The issue is public and fixed in:
https://github.com/dtschump/CImg/pull/295 |
|
2020-10-22 22:52:28 |
Eduardo Barretto |
tags |
|
community-security |
|
2020-10-22 22:53:50 |
Eduardo Barretto |
information type |
Private Security |
Public Security |
|
2020-10-22 22:53:51 |
Eduardo Barretto |
cimg (Ubuntu): status |
New |
Confirmed |
|
2020-10-22 22:53:53 |
Eduardo Barretto |
gmic (Ubuntu): status |
New |
Confirmed |
|
2020-10-29 08:55:15 |
Kai Dietrich |
description |
The CImg library uses an unsafe pattern to calculate memory allocations size. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file format parsers in CImg.
The most prominent user of CImg is gmic.
The gmic commandline tool directly exposes the load_pnm() functions (and also the other file format load functions) to the user and thus is affected.
The issue is public and fixed in:
https://github.com/dtschump/CImg/pull/295 |
The CImg library uses an unsafe pattern to calculate memory allocations size. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file format parsers in CImg.
The most prominent user of CImg is gmic.
The gmic commandline tool directly exposes the load_pnm() functions (and also the other file format load functions) to the user and thus is affected.
The issue is public and fixed in:
https://github.com/dtschump/CImg/pull/295
Redhat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1892577 |
|
2020-11-04 15:00:22 |
Kai Dietrich |
cve linked |
|
2020-25693 |
|
2020-11-17 07:10:32 |
Kai Dietrich |
description |
The CImg library uses an unsafe pattern to calculate memory allocations size. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file format parsers in CImg.
The most prominent user of CImg is gmic.
The gmic commandline tool directly exposes the load_pnm() functions (and also the other file format load functions) to the user and thus is affected.
The issue is public and fixed in:
https://github.com/dtschump/CImg/pull/295
Redhat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1892577 |
The CImg library uses an unsafe pattern to calculate memory allocations size. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file format parsers in CImg.
The most prominent user of CImg is gmic.
The gmic commandline tool directly exposes the load_pnm() functions (and also the other file format load functions) to the user and thus is affected.
The issue is public and fixed in:
https://github.com/dtschump/CImg/pull/295
Redhat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1892577
https://bugzilla.redhat.com/show_bug.cgi?id=1893377 |
|