MGASA-2018-0438

Updated cimg and gmic packages fix security vulnerabilities:

An issue was discovered in CImg v.220. DoS occurs when loading a crafted bmp image that triggers an allocation failure in load_bmp in CImg.h (CVE-2018-7587).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7588).

An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image (CVE-2018-7589).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 colors" case, aka case 4 (CVE-2018-7637).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "256 colors" case, aka case 8 (CVE-2018-7638).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "16 bits colors" case, aka case 16 (CVE-2018-7639).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a Monochrome case, aka case 1 (CVE-2018-7640).

An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image. This is in a "32 bits colors" case, aka case 32 (CVE-2018-7641).