Candidate: CVE-2018-7640
PublicDate: 2018-03-02 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7640
 https://github.com/dtschump/CImg/issues/185
 https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
Description:
 An issue was discovered in CImg v.220. A heap-based buffer over-read in
 load_bmp in CImg.h occurs when loading a crafted bmp image, a different
 vulnerability than CVE-2018-7588. This is in a Monochrome case, aka case 1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892780
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_cimg:
upstream_cimg: released (2.3.6+dfsg-1)
precise/esm_cimg: DNE
trusty_cimg: ignored (out of standard support)
trusty/esm_cimg: DNE
xenial_cimg: ignored (end of standard support, was needs-triage)
bionic_cimg: needs-triage
focal_cimg: not-affected (2.4.5+dfsg-1)
groovy_cimg: not-affected
hirsute_cimg: not-affected
impish_cimg: not-affected
jammy_cimg: not-affected
devel_cimg: not-affected