CVE-2018-7587: Buffer Overflow
First published: Thu Mar 01 2018(Updated: )
An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cimg Cimg | =.220 | |
| ubuntu/cimg | <1.7.9+dfsg-2ubuntu0.18.04.1 | 1.7.9+dfsg-2ubuntu0.18.04.1 |
| ubuntu/cimg | <1.7.9+dfsg-2ubuntu0.18.10.1 | 1.7.9+dfsg-2ubuntu0.18.10.1 |
| debian/cimg | <=2.9.4+dfsg-2<=3.2.1+dfsg-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/xiaoqx/pocs/tree/master/cimg
- https://usn.ubuntu.com/4039-1/
- https://launchpad.net/bugs/cve/CVE-2018-7587
- https://security-tracker.debian.org/tracker/CVE-2018-7587
- https://ubuntu.com/security/notices/USN-4039-1
- https://www.cve.org/CVERecord?id=CVE-2018-7587
- https://nvd.nist.gov/vuln/detail/CVE-2018-7587
- https://ubuntu.com/security/CVE-2018-7587
Frequently Asked Questions
What is CVE-2018-7587?
CVE-2018-7587 is a vulnerability in the CImg library that allows denial-of-service (DoS) attacks by loading a crafted bmp image.
What is the severity of CVE-2018-7587?
CVE-2018-7587 has a severity rating of 7.8 out of 10, which is considered high.
What software is affected by CVE-2018-7587?
Versions 1.7.9+dfsg-2ubuntu0.18.04.1 and 1.7.9+dfsg-2ubuntu0.18.10.1 of the 'cimg' package on Ubuntu are affected. Additionally, versions up to 2.4.5+dfsg-1+deb10u1, 2.9.4+dfsg-2, and 3.2.1+dfsg-1 of the 'cimg' package on Debian are also affected.
How can we fix CVE-2018-7587?
To fix CVE-2018-7587, it is recommended to update the 'cimg' package to version 1.7.9+dfsg-2ubuntu0.18.04.1 or 1.7.9+dfsg-2ubuntu0.18.10.1 on Ubuntu, and to one of the fixed versions (2.4.5+dfsg-1+deb10u1, 2.9.4+dfsg-2, or 3.2.1+dfsg-1) on Debian.
Where can I find more information about CVE-2018-7587?
You can find more information about CVE-2018-7587 on the following references: [CVE-2018-7587](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7587), [GitHub POCs](https://github.com/xiaoqx/pocs/tree/master/cimg), [Ubuntu Security Notice](https://ubuntu.com/security/notices/USN-4039-1).
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/tags
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- vendor/cimg
- canonical/cimg cimg
- version/cimg cimg/.220
- package-manager/ubuntu
- package-manager/debian