Ubuntu has issued an advisory on April 15: https://ubuntu.com/security/notices/USN-7437-1
CVE: (none) => CVE-2024-26540
Status comment: (none) => Patches available from Ubuntu
Source RPM: (none) => cimg-3.2.5-1.mga9.src.rpm

The Ubuntu ref names 2 CVEs: (CVE-2022-1325) (CVE-2024-26540).

The first is very old, I guess we have it already. In case we have not, the patch is:
https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90

For the newer one:
https://ubuntu.com/security/CVE-2024-26540
https://github.com/GreycLab/CImg/issues/403
"My proposal: https://github.com/GreycLab/CImg/commit/cb9c5518905ea370954a59903ff747650c6edd40 Can you tell me if that seems ok ?"
"Yes! The changes look good to me."
The URL is a patch.

Assigning directly to DavidG who currently commits this pkg.
Assignee: bugsquad => geiger.david68210
Suggested advisory:
========================

The updated packages fix a security vulnerability:

A heap-based buffer overflow in CImg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze. (CVE-2024-26540)

References:
https://ubuntu.com/security/notices/USN-7437-1
========================

Updated packages in core/updates_testing:
========================
cimg-3.2.5-1.1.mga9
cimg-devel-3.2.5-1.1.mga9

from SRPM:
cimg-3.2.5-1.1.mga9.src.rpm

Status: NEW => ASSIGNED
Status comment: Patches available from Ubuntu => (none)
Assignee: geiger.david68210 => qa-bugs
Keywords: (none) => advisory
MGA9-64 Plasma Wayland on Compaq H000SB.
No installation issues.
Tried a few commands:

$ tutorial
[CImg] *** CImgIOException *** [instance(0,0,0,0,(nil),non-shared)] CImg<float32>::load(): Failed to open file 'img/parrot.ppm'.
terminate called after throwing an instance of 'cimg_library::CImgIOException'
 what(): [instance(0,0,0,0,(nil),non-shared)] CImg<float32>::load(): Failed to open file 'img/parrot.ppm'.
Magick: abort due to signal 6 (SIGABRT) "Abort"...
Aborted (core dumped)

So tried to feed some picture to the command

$ tutorial IMG_1251.jpg
[CImg] *** CImgIOException *** [instance(0,0,0,0,(nil),non-shared)] CImg<float32>::load(): Failed to open file 'img/parrot.ppm'.
terminate called after throwing an instance of 'cimg_library::CImgIOException'
 what(): [instance(0,0,0,0,(nil),non-shared)] CImg<float32>::load(): Failed to open file 'img/parrot.ppm'.
Magick: abort due to signal 6 (SIGABRT) "Abort"...
Aborted (core dumped)

I don't know what to think of this as there is no such img/parrot.ppm file in the file list in MCC.

$ CImg_demo
CImg Library 3.2.5, compiled May 23 2025 ( 12:35:37 ) with the following flags:
 > Operating System: Unix ('cimg_OS'=1)
 > CPU endianness: Little Endian
 > Verbosity mode: Console ('cimg_verbosity'=1)
 > Stricts warnings: No ('cimg_strict_warnings' undefined)
 > Support for C++11: Yes ('cimg_use_cpp11'=1)
 > Using VT100 messages: No ('cimg_use_vt100' undefined)
 > Display type: X11 ('cimg_display'=1)

and a lot more, but it opens a list with options to try. I didn't try all of them, but the ones I tried all seem to do what they say they would.

Googling makes me think this is a library for developers, rather than a standalone tool. So if the higher powers judge this sufficient, I will not object to the OK.
CC: (none) => herman.viaene
Created attachment 14992
Colour image of parrot

Default image for cimg tutorial command. Place it in img directory, relative to testing directory.

$ tutorial -h
 tutorial: View the color profile of an image along the X axis (Jun 10 2023, 13:21:05)
    -i       img/parrot.ppm   Input image
    -blur    1                Variance of gaussian pre-blurring
CC: (none) => tarazed25
However:

$ tutorial -blur 2 -i jessica.ppm
[CImg] *** CImgIOException *** [instance(0,0,0,0,(nil),non-shared)] CImg<float32>::load(): Failed to open file 'jessica.ppm'.
terminate called after throwing an instance of 'cimg_library::CImgIOException'
 what(): [instance(0,0,0,0,(nil),non-shared)] CImg<float32>::load(): Failed to open file 'jessica.ppm'.
Magick: abort due to signal 6 (SIGABRT) "Abort"...
Aborted (core dumped)
After the update the parrot demonstration continues to work. Used the mouse to scan in the vertical direction and produce RGB curves for a corresponding horizontal slice. The -i argument does not work for the tutorial command, which is a binary compiled from a CPP source, as is CImg_demo. The CImg_demo continues to work, as in comment #3.
Correction - forgot where the image was.
$ tutorial -i JessicaAlba_8.jpg
does work and shows the colour profiles when the image is scanned with the mouse.
$ tutorial -blur 4 -i JessicaAlba_8.jpg
blurs the image and smooths out the RGB profiles.

(In reply to Len Lawrence from comment #7)
> Correction - forgot where the image was.
> $ tutorial -i JessicaAlba_8.jpg
> does work and shows the colour profiles when the image is scanned with the
> mouse.
> $ tutorial -blur 4 -i JessicaAlba_8.jpg
> blurs the image and smooths out the RGB profiles.

Your test looks good to me, remove the ok if not so
Whiteboard: (none) => MGA9-64-OK
Looks good to me, too. Validating.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0169.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED