Bug#1135995: marked as done (trixie-pu: package cimg/3.5.2+dfsg-1+deb13u1)

Debian Bug Tracking System Sat, 16 May 2026 03:43:47 -0700

Your message dated Sat, 16 May 2026 10:23:16 +0000
with message-id <[email protected]>
and subject line Released with 13.5
has caused the Debian Bug report #1135995,
regarding trixie-pu: package cimg/3.5.2+dfsg-1+deb13u1
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1135995: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135995
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:cimg
User: [email protected]
Usertags: pu

  * CVE-2026-42144: Integer overflow in PNM size check
  * CVE-2026-42146: OOM on crafted BMP
  * (Closes: #1135778)

Due to CImg being header-only, binNMUs of beads and tiv
are needed afterwards.

diffstat for cimg-3.5.2+dfsg cimg-3.5.2+dfsg

 changelog                        |    9 +++++++++
 patches/fix-cve-2026-42144.patch |   16 ++++++++++++++++
 patches/fix-cve-2026-42146.patch |   19 +++++++++++++++++++
 patches/series                   |    2 ++
 4 files changed, 46 insertions(+)

diff -Nru cimg-3.5.2+dfsg/debian/changelog cimg-3.5.2+dfsg/debian/changelog
--- cimg-3.5.2+dfsg/debian/changelog    2025-02-21 12:46:14.000000000 +0200
+++ cimg-3.5.2+dfsg/debian/changelog    2026-05-08 14:47:35.000000000 +0300
@@ -1,3 +1,12 @@
+cimg (3.5.2+dfsg-1+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2026-42144: Integer overflow in PNM size check
+  * CVE-2026-42146: OOM on crafted BMP
+  * (Closes: #1135778)
+
+ -- Adrian Bunk <[email protected]>  Fri, 08 May 2026 14:47:35 +0300
+
 cimg (3.5.2+dfsg-1) unstable; urgency=medium
 
   * New upstream version
diff -Nru cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch 
cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch
--- cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch     1970-01-01 
02:00:00.000000000 +0200
+++ cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42144.patch     2026-05-08 
14:47:35.000000000 +0300
@@ -0,0 +1,16 @@
+From: David Tschumperlé <[email protected]>
+Subject: Fix CVE-2026-42144
+Origin: upstream, 
https://github.com/GreycLab/CImg/commit/4ca26bce4d8c61fcd1507d5f9401b9fb1222c27d
+Bug-Debian: https://bugs.debian.org/1135778
+
+--- a/CImg.h
++++ b/CImg.h
+@@ -56352,7 +56352,7 @@
+ 
+       if (filename) { // Check that dimensions specified in file does not 
exceed the buffer dimension
+         const cimg_int64 siz = cimg::fsize(filename);
+-        if (W*H*D>siz)
++        if ((cimg_int64)W*H*D>siz)
+           throw CImgIOException(_cimg_instance
+                                 "load_pnm(): Specified image dimensions in 
file '%s' exceed file size.",
+                                 cimg_instance,
diff -Nru cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch 
cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch
--- cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch     1970-01-01 
02:00:00.000000000 +0200
+++ cimg-3.5.2+dfsg/debian/patches/fix-cve-2026-42146.patch     2026-05-08 
14:47:35.000000000 +0300
@@ -0,0 +1,19 @@
+From: David Tschumperlé <[email protected]>
+Subject: Fix CVE-2026-42146
+Origin: upstream, 
https://github.com/GreycLab/CImg/commit/c3aacf5b96ac1e54b7af1957c6737dbf3949f6d3
+Bug-Debian: https://bugs.debian.org/1135778
+
+--- a/CImg.h
++++ b/CImg.h
+@@ -55744,7 +55744,10 @@
+                               (long)fsiz,filename?filename:"(FILE*)",dx,dy);
+ 
+       CImg<intT> colormap;
+-      if (bpp<16) { if (!nb_colors) nb_colors = 1<<bpp; } else nb_colors = 0;
++      if (bpp<16) {
++        const int max_colors = 1<<bpp;
++        if (nb_colors<=0 || nb_colors>max_colors) nb_colors = max_colors;
++      } else nb_colors = 0;
+       if (nb_colors) { colormap.assign(nb_colors); 
cimg::fread(colormap._data,nb_colors,nfile); }
+ 
+       const int xoffset = offset - 14 - header_size - 4*nb_colors;
diff -Nru cimg-3.5.2+dfsg/debian/patches/series 
cimg-3.5.2+dfsg/debian/patches/series
--- cimg-3.5.2+dfsg/debian/patches/series       2025-02-21 12:46:14.000000000 
+0200
+++ cimg-3.5.2+dfsg/debian/patches/series       2026-05-08 14:47:35.000000000 
+0300
@@ -3,3 +3,5 @@
 # baseline.patch
 privacy.patch
 Imath.patch
+fix-cve-2026-42144.patch
+fix-cve-2026-42146.patch

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 13.5

This update has been released as part of Debian 13.5.

--- End Message ---

Bug#1135995: marked as done (trixie-pu: package cimg/3.5.2+dfsg-1+deb13u1)

Reply via email to