Register | Log in

cimg

Choose email to subscribe with

general

source: cimg (main)
version: 2.8.4+dfsg-1
maintainer: Debian Science Team (archive) (DMD)
uploaders: Andreas Tille [DMD]
arch: all
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.5.9+dfsg-1
o-o-sec: 1.5.9+dfsg-1+deb8u1
oldstable: 1.7.9+dfsg-1
stable: 2.4.5+dfsg-1
testing: 2.8.4+dfsg-1
unstable: 2.8.4+dfsg-1

versioned links

1.5.9+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.5.9+dfsg-1+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.7.9+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.4.5+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.8.4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

cimg-dev
cimg-doc
cimg-examples

action needed

A new upstream version is available: 2.9.1 high

A new upstream version 2.9.1 is available, you should consider packaging it.

Created: 2020-06-29 Last update: 2020-08-07 12:35

10 security issues in stretch high

There are 10 open security issues in stretch.

1 important issue:

CVE-2019-1010174: CImg The CImg Library v.2.3.3 and earlier is affected by: command injection. The impact is: RCE. The component is: load_network() function. The attack vector is: Loading an image from a user-controllable url can lead to command injection, because no string sanitization is done on the url. The fixed version is: v.2.3.4.

9 issues skipped by the security teams:

CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
CVE-2018-7588: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7589: An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image.
CVE-2018-7637: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 colors" case, aka case 4.
CVE-2018-7638: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "256 colors" case, aka case 8.
CVE-2018-7639: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "16 bits colors" case, aka case 16.
CVE-2018-7640: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
CVE-2018-7641: An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a "32 bits colors" case, aka case 32.
CVE-2019-13568: CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.

Please fix them.

Created: 2018-03-02 Last update: 2020-08-07 06:08

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix it.

Created: 2018-03-02 Last update: 2020-08-07 06:08

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.

Please fix it.

Created: 2019-07-07 Last update: 2020-08-07 06:08

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2016-11-07 Last update: 2020-08-07 12:37

lintian reports 21 warnings normal

Lintian reports 21 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:30

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2018-7587: An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
CVE-2019-13568: CImg through 2.6.7 has a heap-based buffer overflow in _load_bmp in CImg.h because of erroneous memory allocation for a malformed BMP image.

Please fix them.

Created: 2018-03-02 Last update: 2020-08-07 06:08

news

[2020-03-07] cimg 2.8.4+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-03-02] Accepted cimg 2.8.4+dfsg-1 (source) into unstable (Andreas Tille)
[2019-09-28] Accepted cimg 1.5.9+dfsg-1+deb8u1 (source all) into oldoldstable (Thorsten Alteholz)
[2019-02-04] cimg 2.4.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-01-30] Accepted cimg 2.4.5+dfsg-1 (source) into unstable (Andreas Tille)
[2018-09-24] cimg 2.3.6+dfsg-1 MIGRATED to testing (Debian testing watch)
[2018-09-18] Accepted cimg 2.3.6+dfsg-1 (source) into unstable (Andreas Tille)
[2017-06-30] cimg 1.7.9+dfsg-2 MIGRATED to testing (Debian testing watch)
[2017-06-25] Accepted cimg 1.7.9+dfsg-2 (source) into unstable (Mattia Rizzolo)
[2016-12-16] cimg 1.7.9+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-12-05] Accepted cimg 1.7.9+dfsg-1 (source all) into unstable (Andreas Tille)
[2016-11-04] cimg 1.7.8+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-10-28] Accepted cimg 1.7.8+dfsg-1 (source all) into unstable (Andreas Tille)
[2016-05-19] cimg REMOVED from testing (Debian testing watch)
[2016-01-10] cimg 1.6.5+dfsg-1 MIGRATED to testing (Debian testing watch)
[2016-01-09] cimg REMOVED from testing (Debian testing watch)
[2015-11-14] cimg 1.6.5+dfsg-1 MIGRATED to testing (Britney)
[2015-11-08] Accepted cimg 1.6.5+dfsg-1 (source all) into unstable (Andreas Tille)
[2015-07-20] cimg 1.6.4+dfsg-1 MIGRATED to testing (Britney)
[2015-07-14] Accepted cimg 1.6.4+dfsg-1 (source all) into unstable (Andreas Tille)
[2014-09-22] cimg 1.5.9+dfsg-1 MIGRATED to testing (Britney)
[2014-09-16] Accepted cimg 1.5.9+dfsg-1 (source all) into unstable (Andreas Tille)
[2014-02-09] cimg 1.5.7+dfsg-1 MIGRATED to testing (Debian testing watch)
[2014-01-29] Accepted cimg 1.5.7+dfsg-1 (source all) (Andreas Tille)
[2013-08-06] cimg 1.5.6-1 MIGRATED to testing (Debian testing watch)
[2013-07-26] Accepted cimg 1.5.6-1 (source all) (Andreas Tille)
[2012-03-31] cimg 1.4.9-2 MIGRATED to testing (Debian testing watch)
[2012-03-21] Accepted cimg 1.4.9-2 (source all) (Andreas Tille)
[2011-07-03] cimg 1.4.9-1 MIGRATED to testing (Debian testing watch)
[2011-06-22] Accepted cimg 1.4.9-1 (source all) (Andreas Tille)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (0, 21)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.8.4+dfsg-1
1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing