Register | Log in

freeimage

Choose email to subscribe with

general

source: freeimage (main)
version: 3.18.0+ds2-1
maintainer: Debian Science Maintainers (archive) (DMD)
uploaders: Ghislain Antony Vaillant [DMD] – Anton Gladky [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.15.4-4.2+deb8u1
o-o-sec: 3.15.4-4.2+deb8u1
oldstable: 3.17.0+ds1-5
stable: 3.18.0+ds2-1
testing: 3.18.0+ds2-1
unstable: 3.18.0+ds2-1

versioned links

3.15.4-4.2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.17.0+ds1-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libfreeimage-dev
libfreeimage3 (1 bugs: 0, 1, 0, 0)
libfreeimageplus-dev
libfreeimageplus-doc
libfreeimageplus3

action needed

4 security issues in bullseye high

There are 4 open security issues in bullseye.

4 important issues:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-07-07 Last update: 2019-10-21 00:30

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-05-20 Last update: 2019-10-21 00:30

4 security issues in jessie high

There are 4 open security issues in jessie.

4 important issues:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-05-20 Last update: 2019-10-21 00:30

Multiarch hinter reports 3 issue(s) normal

There are issues with the multiarch metadata for this package.

libfreeimageplus-doc could be marked Multi-Arch: foreign
libfreeimage-dev could be marked Multi-Arch: same
libfreeimageplus-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2019-12-06 09:52

4 ignored security issues in buster low

There are 4 open security issues in buster.

4 issues skipped by the security teams:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-05-20 Last update: 2019-10-21 00:30

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2019-12211: When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12213: When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Please fix them.

Created: 2019-05-20 Last update: 2019-10-21 00:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2014-07-02 Last update: 2017-06-23 19:20

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.2.1).

Created: 2018-04-16 Last update: 2019-09-29 23:40

news

[2019-01-08] freeimage 3.18.0+ds2-1 MIGRATED to testing (Debian testing watch)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1 (source) into unstable (Anton Gladky)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1~exp1 (source) into experimental (Anton Gladky)
[2017-01-23] freeimage 3.17.0+ds1-5 MIGRATED to testing (Debian testing watch)
[2017-01-12] Accepted freeimage 3.17.0+ds1-5 (source) into unstable (Anton Gladky)
[2016-12-24] freeimage 3.17.0+ds1-4 MIGRATED to testing (Debian testing watch)
[2016-12-13] Accepted freeimage 3.17.0+ds1-4 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-14] Accepted freeimage 3.15.4-4.2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Anton Gladky)
[2016-10-12] freeimage 3.17.0+ds1-3 MIGRATED to testing (Debian testing watch)
[2016-10-11] Accepted freeimage 3.17.0+ds1-3 (source) into unstable (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2016-10-06] Accepted freeimage 3.15.1-1.1+deb7u1 (source amd64) into oldstable (Chris Lamb)
[2016-03-11] freeimage 3.17.0+ds1-2 MIGRATED to testing (Debian testing watch)
[2016-03-05] Accepted freeimage 3.17.0+ds1-2 (source amd64 all) into unstable (Ghislain Antony Vaillant) (signed by: Micha Lenk)
[2016-02-02] freeimage 3.17.0+ds1-1.1 MIGRATED to testing (Debian testing watch)
[2016-01-27] Accepted freeimage 3.17.0+ds1-1.1 (source amd64 all) into unstable (Tobias Frost)
[2016-01-23] freeimage 3.17.0+ds1-1 MIGRATED to testing (Debian testing watch)
[2016-01-18] Accepted freeimage 3.17.0+ds1-1 (source) into unstable (Anton Gladky)
[2016-01-11] Accepted freeimage 3.17.0+ds1-1~exp2 (source) into experimental (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2015-12-20] Accepted freeimage 3.17.0+ds1-1~exp1 (source amd64 all) into experimental, experimental (Ghislain Antony Vaillant) (signed by: Anton Gladky)
[2015-11-06] Accepted freeimage 3.15.1-1.1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Anton Gladky)
[2015-11-05] Accepted freeimage 3.15.4-4.2 (source amd64) into proposed-updates->stable-new, proposed-updates (Anton Gladky)
[2015-11-04] freeimage 3.15.4-6 MIGRATED to testing (Britney)
[2015-10-29] Accepted freeimage 3.15.4-6 (source) into unstable (Anton Gladky)
[2015-10-18] Accepted freeimage 3.10.0-4+deb6u1 (source i386) into squeeze-lts (Thorsten Alteholz)
[2015-09-24] freeimage 3.15.4-5 MIGRATED to testing (Britney)
[2015-09-18] Accepted freeimage 3.15.4-5 (source) into unstable (W. Martin Borgert) (signed by: Anton Gladky)
[2014-10-19] freeimage 3.15.4-4.1 MIGRATED to testing (Britney)
[2014-10-08] freeimage 3.15.4-4 MIGRATED to testing (Britney)
[2014-10-08] Accepted freeimage 3.15.4-4.1 (source amd64) into unstable (Ondřej Surý)
[2014-10-02] Accepted freeimage 3.15.4-4 (source mips) into unstable (Anibal Monsalve Salazar)

1
2

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.18.0+ds2-1ubuntu1
3 bugs (2 patches)
patches for 3.18.0+ds2-1ubuntu1

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing