freeimage - Debian Package Tracker

general

source: freeimage (main)
version: 3.18.0+ds2-10
maintainer: Debian Science Maintainers (archive) (DMD)
uploaders: Anton Gladky [DMD] – Ghislain Antony Vaillant [DMD]
arch: all any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.18.0+ds2-1+deb10u1
o-o-sec: 3.18.0+ds2-1+deb10u1
oldstable: 3.18.0+ds2-6
stable: 3.18.0+ds2-9
testing: 3.18.0+ds2-9.1
unstable: 3.18.0+ds2-10

versioned links

3.18.0+ds2-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-9: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-9.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libfreeimage-dev
libfreeimage3 (1 bugs: 0, 1, 0, 0)
libfreeimageplus-dev
libfreeimageplus-doc
libfreeimageplus3

action needed

13 security issues in trixie high

There are 13 open security issues in trixie.

13 important issues:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2020-21426: Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-24292: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24294: Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24295: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
CVE-2021-33367: Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2021-40262: A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.

Created: 2023-06-11 Last update: 2023-09-22 06:08

13 security issues in sid high

There are 13 open security issues in sid.

13 important issues:

CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2020-21426: Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-24292: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24294: Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24295: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
CVE-2021-33367: Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2021-40262: A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.

Created: 2022-07-04 Last update: 2023-09-22 06:08

16 security issues in buster high

There are 16 open security issues in buster.

13 important issues:

CVE-2020-21426: Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-21427: Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-21428: Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-22524: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.
CVE-2020-24292: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24294: Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24295: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
CVE-2021-40262: A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.

3 issues postponed or untriaged:

CVE-2019-12212: (postponed; to be fixed through a stable update) When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: (postponed; to be fixed through a stable update) In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2021-33367: (needs triaging) Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

Created: 2023-08-24 Last update: 2023-09-22 06:08

16 security issues in bullseye high

There are 16 open security issues in bullseye.

8 important issues:

CVE-2020-21426: Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-21427: Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-21428: Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-22524: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.
CVE-2020-24292: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24294: Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24295: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.

8 issues left for the package maintainer to handle:

CVE-2019-12212: (postponed; to be fixed through a stable update) When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: (postponed; to be fixed through a stable update) In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2021-33367: (needs triaging) Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2021-40262: (needs triaging) A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: (needs triaging) A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: (needs triaging) NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: (needs triaging) A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: (needs triaging) FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-09-22 06:08

16 security issues in bookworm high

There are 16 open security issues in bookworm.

8 important issues:

CVE-2020-21426: Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-21427: Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-21428: Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-22524: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.
CVE-2020-24292: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24294: Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24295: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.

8 issues left for the package maintainer to handle:

CVE-2019-12212: (postponed; to be fixed through a stable update) When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: (postponed; to be fixed through a stable update) In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2021-33367: (needs triaging) Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2021-40262: (needs triaging) A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: (needs triaging) A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: (needs triaging) NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: (needs triaging) A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: (needs triaging) FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2023-09-22 06:08

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  http://sf.net/freeimage FreeImage(\d+)\.zip

Created: 2023-04-20 Last update: 2023-09-22 02:03

lintian reports 1 warning normal

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2023-02-04 09:32

debian/patches: 20 patches to forward upstream low

Among the 20 debian patches available in version 3.18.0+ds2-10 of the package, we noticed the following issues:

20 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-09-20 09:11

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2023-07-06 Last update: 2023-07-06 19:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.6.1).

Created: 2022-12-17 Last update: 2023-09-20 02:53

news

[rss feed]

[2023-09-22] freeimage 3.18.0+ds2-10 MIGRATED to testing (Debian testing watch)
[2023-09-19] Accepted freeimage 3.18.0+ds2-10 (source) into unstable (Bastian Germann) (signed by: bage@debian.org)
[2023-07-17] freeimage 3.18.0+ds2-9.1 MIGRATED to testing (Debian testing watch)
[2023-07-11] Accepted freeimage 3.18.0+ds2-9.1 (source) into unstable (Adrian Bunk)
[2023-02-24] freeimage 3.18.0+ds2-9 MIGRATED to testing (Debian testing watch)
[2023-02-14] Accepted freeimage 3.18.0+ds2-9 (source) into unstable (Dima Kogan)
[2022-08-23] freeimage 3.18.0+ds2-8 MIGRATED to testing (Debian testing watch)
[2022-08-20] Accepted freeimage 3.18.0+ds2-8 (source) into unstable (Anton Gladky)
[2022-05-28] freeimage 3.18.0+ds2-7 MIGRATED to testing (Debian testing watch)
[2022-05-28] freeimage 3.18.0+ds2-7 MIGRATED to testing (Debian testing watch)
[2022-05-26] Accepted freeimage 3.18.0+ds2-7 (source) into unstable (Anton Gladky)
[2020-08-30] freeimage 3.18.0+ds2-6 MIGRATED to testing (Debian testing watch)
[2020-08-30] freeimage 3.18.0+ds2-6 MIGRATED to testing (Debian testing watch)
[2020-08-27] Accepted freeimage 3.18.0+ds2-6 (source) into unstable (Anton Gladky)
[2020-07-19] freeimage 3.18.0+ds2-5 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted freeimage 3.18.0+ds2-5 (source) into unstable (Anton Gladky)
[2020-07-15] Accepted freeimage 3.18.0+ds2-4 (source) into unstable (Anton Gladky)
[2020-01-03] freeimage 3.18.0+ds2-3 MIGRATED to testing (Debian testing watch)
[2020-01-01] Accepted freeimage 3.18.0+ds2-3 (source) into unstable (Anton Gladky)
[2019-12-29] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hugo Lefeuvre)
[2019-12-29] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into stable->embargoed, stable (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable->embargoed, oldstable (Hugo Lefeuvre)
[2019-12-10] Accepted freeimage 3.15.4-4.2+deb8u2 (source amd64) into oldoldstable (Hugo Lefeuvre)
[2019-01-08] freeimage 3.18.0+ds2-1 MIGRATED to testing (Debian testing watch)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1 (source) into unstable (Anton Gladky)
[2019-01-05] Accepted freeimage 3.18.0+ds2-1~exp1 (source) into experimental (Anton Gladky)
[2017-01-23] freeimage 3.17.0+ds1-5 MIGRATED to testing (Debian testing watch)
[2017-01-12] Accepted freeimage 3.17.0+ds1-5 (source) into unstable (Anton Gladky)
[2016-12-24] freeimage 3.17.0+ds1-4 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 11
RC: 2
I&N: 7
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 1)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.18.0+ds2-9.1
4 bugs (2 patches)