Register | Log in

freeimage

Choose email to subscribe with

general

source: freeimage (main)
version: 3.18.0+ds2-1
maintainer: Debian Science Maintainers (archive) [DMD]
uploaders: Ghislain Antony Vaillant [DMD] – Anton Gladky [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.15.4-4.2+deb8u1
old-sec: 3.15.4-4.2+deb8u1
stable: 3.17.0+ds1-5
testing: 3.18.0+ds2-1
unstable: 3.18.0+ds2-1

versioned links

3.15.4-4.2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.0+ds1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libfreeimage-dev
libfreeimage3
libfreeimageplus-dev
libfreeimageplus-doc
libfreeimageplus3

action needed

4 security issues in buster high

There are 4 open security issues in buster.

4 important issues:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

Please fix them.

Created: 2019-05-20 Last update: 2019-05-22 07:17

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

Please fix them.

Created: 2019-05-20 Last update: 2019-05-22 07:17

4 security issues in jessie high

There are 4 open security issues in jessie.

4 important issues:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

Please fix them.

Created: 2019-05-20 Last update: 2019-05-22 07:17

4 security issues in stretch high

There are 4 open security issues in stretch.

4 important issues:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

Please fix them.

Created: 2019-05-20 Last update: 2019-05-22 07:17

Multiarch hinter reports 3 issue(s) normal

There are issues with the multiarch metadata for this package.

libfreeimageplus-doc could be marked Multi-Arch: foreign
libfreeimage-dev could be marked Multi-Arch: same
libfreeimageplus-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2019-05-22 10:55

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2014-07-02 Last update: 2017-06-23 19:20

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.2.1).

Created: 2018-04-16 Last update: 2019-01-06 01:40

testing migrations

This package will soon be part of the auto-openexr transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-ilmbase transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[2019-01-08] freeimage 3.18.0+ds2-1 MIGRATED to testing (Debian testing watch)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1 (source) into unstable (Anton Gladky)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1~exp1 (source) into experimental (Anton Gladky)
[2017-01-23] freeimage 3.17.0+ds1-5 MIGRATED to testing (Debian testing watch)
[2017-01-12] Accepted freeimage 3.17.0+ds1-5 (source) into unstable (Anton Gladky)
[2016-12-24] freeimage 3.17.0+ds1-4 MIGRATED to testing (Debian testing watch)
[2016-12-13] Accepted freeimage 3.17.0+ds1-4 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-14] Accepted freeimage 3.15.4-4.2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Anton Gladky)
[2016-10-12] freeimage 3.17.0+ds1-3 MIGRATED to testing (Debian testing watch)
[2016-10-11] Accepted freeimage 3.17.0+ds1-3 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-06] Accepted freeimage 3.15.1-1.1+deb7u1 (source amd64) into oldstable (Chris Lamb)
[2016-03-11] freeimage 3.17.0+ds1-2 MIGRATED to testing (Debian testing watch)
[2016-03-05] Accepted freeimage 3.17.0+ds1-2 (source amd64 all) into unstable (Ghislain Antony Vaillant) (signed by: Micha Lenk)
[2016-02-02] freeimage 3.17.0+ds1-1.1 MIGRATED to testing (Debian testing watch)
[2016-01-27] Accepted freeimage 3.17.0+ds1-1.1 (source amd64 all) into unstable (Tobias Frost)
[2016-01-23] freeimage 3.17.0+ds1-1 MIGRATED to testing (Debian testing watch)
[2016-01-18] Accepted freeimage 3.17.0+ds1-1 (source) into unstable (Anton Gladky)
[2016-01-11] Accepted freeimage 3.17.0+ds1-1~exp2 (source) into experimental (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2015-12-20] Accepted freeimage 3.17.0+ds1-1~exp1 (source amd64 all) into experimental, experimental (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2015-11-06] Accepted freeimage 3.15.1-1.1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Anton Gladky)
[2015-11-05] Accepted freeimage 3.15.4-4.2 (source amd64) into proposed-updates->stable-new, proposed-updates (Anton Gladky)
[2015-11-04] freeimage 3.15.4-6 MIGRATED to testing (Britney)
[2015-10-29] Accepted freeimage 3.15.4-6 (source) into unstable (Anton Gladky)
[2015-10-18] Accepted freeimage 3.10.0-4+deb6u1 (source i386) into squeeze-lts (Thorsten Alteholz)
[2015-09-24] freeimage 3.15.4-5 MIGRATED to testing (Britney)
[2015-09-18] Accepted freeimage 3.15.4-5 (source) into unstable (W. Martin Borgert) (signed by: Anton Gladky)
[2014-10-19] freeimage 3.15.4-4.1 MIGRATED to testing (Britney)
[2014-10-08] freeimage 3.15.4-4 MIGRATED to testing (Britney)
[2014-10-08] Accepted freeimage 3.15.4-4.1 (source amd64) into unstable (Ondřej Surý)
[2014-10-02] Accepted freeimage 3.15.4-4 (source mips) into unstable (Anibal Monsalve Salazar)

1
2

bugs [bug history graph]

all: 2
RC: 0
I&N: 2
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
debci
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.18.0+ds2-1ubuntu1
2 bugs (1 patch)
patches for 3.18.0+ds2-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing