Package: release.debian.org Severity: normal Tags: trixie X-Debbugs-Cc: [email protected], [email protected] Control: affects -1 + src:cimg User: [email protected] Usertags: pu
* CVE-2026-42144: Integer overflow in PNM size check * CVE-2026-42146: OOM on crafted BMP * (Closes: #1135778) Due to CImg being header-only, binNMUs of beads and tiv are needed afterwards.
diffstat for cimg-3.5.2+dfsg cimg-3.5.2+dfsg changelog | 9 +++++++++ patches/fix-cve-2026-42144.patch | 16 ++++++++++++++++ patches/fix-cve-2026-42146.patch | 19 +++++++++++++++++++ patches/series | 2 ++ 4 files changed, 46 insertions(+) diff -Nru cimg-3.5.2+dfsg/debian/changelog cimg-3.5.2+dfsg/debian/changelog --- cimg-3.5.2+dfsg/debian/changelog 2025-02-21 12:46:14.000000000 +0200 +++ cimg-3.5.2+dfsg/debian/changelog 2026-05-08 14:47:35.000000000 +0300 @@ -1,3 +1,12 @@ +cimg (3.5.2+dfsg-1+deb13u1) trixie; urgency=medium + + * Non-maintainer upload. + * CVE-2026-42144: Integer overflow in PNM size check + * CVE-2026-42146: OOM on crafted BMP + * (Closes: #1135778) + + -- Adrian Bunk <[email protected]> Fri, 08 May 2026 14:47:35 +0300 + cimg (3.5.2+dfsg-1) unstable; urgency=medium * New upstream version diff -Nru cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch --- cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch 1970-01-01 02:00:00.000000000 +0200 +++ cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch 2026-05-08 14:47:35.000000000 +0300 @@ -0,0 +1,16 @@ +From: David Tschumperlé <[email protected]> +Subject: Fix CVE-2026-42144 +Origin: upstream, https://github.com/GreycLab/CImg/commit/4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d +Bug-Debian: https://bugs.debian.org/1135778 + +--- a/CImg.h ++++ b/CImg.h +@@ -56352,7 +56352,7 @@ + + if (filename) { // Check that dimensions specified in file does not exceed the buffer dimension + const cimg_int64 siz = cimg::fsize(filename); +- if (W*H*D>siz) ++ if ((cimg_int64)W*H*D>siz) + throw CImgIOException(_cimg_instance + "load_pnm(): Specified image dimensions in file '%s' exceed file size.", + cimg_instance, diff -Nru cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch --- cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch 1970-01-01 02:00:00.000000000 +0200 +++ cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch 2026-05-08 14:47:35.000000000 +0300 @@ -0,0 +1,19 @@ +From: David Tschumperlé <[email protected]> +Subject: Fix CVE-2026-42146 +Origin: upstream, https://github.com/GreycLab/CImg/commit/c3aacf5b96ac1e54b7af1957c6737dbf3949f6d3 +Bug-Debian: https://bugs.debian.org/1135778 + +--- a/CImg.h ++++ b/CImg.h +@@ -55744,7 +55744,10 @@ + (long)fsiz,filename?filename:"(FILE*)",dx,dy); + + CImg<intT> colormap; +- if (bpp<16) { if (!nb_colors) nb_colors = 1<<bpp; } else nb_colors = 0; ++ if (bpp<16) { ++ const int max_colors = 1<<bpp; ++ if (nb_colors<=0 || nb_colors>max_colors) nb_colors = max_colors; ++ } else nb_colors = 0; + if (nb_colors) { colormap.assign(nb_colors); cimg::fread(colormap._data,nb_colors,nfile); } + + const int xoffset = offset - 14 - header_size - 4*nb_colors; diff -Nru cimg-3.5.2+dfsg/debian/patches/series cimg-3.5.2+dfsg/debian/patches/series --- cimg-3.5.2+dfsg/debian/patches/series 2025-02-21 12:46:14.000000000 +0200 +++ cimg-3.5.2+dfsg/debian/patches/series 2026-05-08 14:47:35.000000000 +0300 @@ -3,3 +3,5 @@ # baseline.patch privacy.patch Imath.patch +fix-cve-2026-42144.patch +fix-cve-2026-42146.patch
-- debian-science-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-science-maintainers
