** Description changed:

  The CImg library uses an unsafe pattern to calculate memory allocations size. At least in the PNM file format parser, an attacker can trivially supply width/height fields that overflow the heap and result in arbitrary heap writes. This probably also affects other file format parsers in CImg.

  The most prominent user of CImg is gmic. The gmic commandline tool directly exposes the load_pnm() functions (and also the other file format load functions) to the user and thus is affected.

  The issue is public and fixed in:
  https://github.com/dtschump/CImg/pull/295
+
+ Redhat bug:
+ https://bugzilla.redhat.com/show_bug.cgi?id=1892577
--
https://bugs.launchpad.net/bugs/1900983

Title:
  Multiple heap buffer overflows caused by int overflow
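Added example, not CImg's code and not taken from the linked pull request: a minimal C illustration of the allocation-size pattern the description refers to, next to a checked version a loader can use before allocating. The function names, the `channels` field, the 256 MiB cap and the header values are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Unsafe pattern: the product is computed in 32-bit arithmetic and wraps
 * before being widened. (With signed int the overflow is undefined
 * behaviour; unsigned is used here so the wrap is well defined.) */
static size_t alloc_size_unsafe(uint32_t w, uint32_t h, uint32_t channels) {
    uint32_t n = w * h * channels;          /* wraps modulo 2^32 */
    return (size_t)n;
}

/* Checked pattern: reject zero dimensions, any product that does not fit
 * in size_t, and anything above a caller-chosen cap. Returns 0 on success. */
static int alloc_size_checked(uint32_t w, uint32_t h, uint32_t channels,
                              size_t max_bytes, size_t *out) {
    if (w == 0 || h == 0 || channels == 0) return -1;
    size_t n = w;
    if (n > SIZE_MAX / h) return -1;        /* n * h would overflow */
    n *= h;
    if (n > SIZE_MAX / channels) return -1; /* n * channels would overflow */
    n *= channels;
    if (n > max_bytes) return -1;           /* policy limit on untrusted input */
    *out = n;
    return 0;
}

/* Hypothetical loader step: allocate only after the size has been validated. */
static unsigned char *alloc_image(uint32_t w, uint32_t h, uint32_t channels) {
    size_t n;
    if (alloc_size_checked(w, h, channels, (size_t)1 << 28, &n) != 0)
        return NULL;
    return calloc(n, 1);
}

int main(void) {
    /* Constructed header values: 65536 * 65537 = 2^32 + 65536 */
    uint32_t w = 65536, h = 65537;
    printf("unsafe size:  %zu bytes for %ux%u pixels\n",
           alloc_size_unsafe(w, h, 1), (unsigned)w, (unsigned)h);
    printf("checked:      %s\n", alloc_image(w, h, 1) ? "allocated" : "rejected");
    unsigned char *ok = alloc_image(640, 480, 3);
    printf("640x480x3:    %s\n", ok ? "allocated" : "rejected");
    free(ok);
    return 0;
}
```

With the constructed values the unsafe computation yields a 65536-byte buffer for an image whose pixel loop would cover more than four billion elements, which is the mismatch that turns into out-of-bounds heap writes.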