freeimage - Debian Package Tracker

general

source: freeimage (main)
version: 3.18.0+ds2-10
maintainer: Debian Science Maintainers (archive) (DMD)
uploaders: Anton Gladky [DMD] – Ghislain Antony Vaillant [DMD]
arch: all any
std-ver: 4.6.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.18.0+ds2-1+deb10u1
o-o-sec: 3.18.0+ds2-1+deb10u2
oldstable: 3.18.0+ds2-6+deb11u1
old-sec: 3.18.0+ds2-6+deb11u1
stable: 3.18.0+ds2-9+deb12u1
stable-sec: 3.18.0+ds2-9+deb12u1
testing: 3.18.0+ds2-10
unstable: 3.18.0+ds2-10

versioned links

3.18.0+ds2-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-1+deb10u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-6+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-9+deb12u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.18.0+ds2-10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libfreeimage-dev
libfreeimage3 (1 bugs: 0, 1, 0, 0)
libfreeimageplus-dev
libfreeimageplus-doc
libfreeimageplus3

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  http://sf.net/freeimage FreeImage(\d+)\.zip

Created: 2023-04-20 Last update: 2024-11-21 07:30

44 security issues in trixie high

There are 44 open security issues in trixie.

44 important issues:

CVE-2024-9029: A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2020-21426: Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-24292: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24294: Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24295: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
CVE-2021-33367: Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2021-40262: A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.
CVE-2023-47992: An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.
CVE-2023-47993: A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.
CVE-2023-47994: An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.
CVE-2023-47995: Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.
CVE-2023-47996: An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.
CVE-2023-47997: An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.
CVE-2024-28562: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.
CVE-2024-28563: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.
CVE-2024-28564: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.
CVE-2024-28565: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.
CVE-2024-28566: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.
CVE-2024-28567: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.
CVE-2024-28568: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.
CVE-2024-28569: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.
CVE-2024-28570: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.
CVE-2024-28571: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.
CVE-2024-28572: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.
CVE-2024-28573: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.
CVE-2024-28574: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.
CVE-2024-28575: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.
CVE-2024-28576: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.
CVE-2024-28577: Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.
CVE-2024-28578: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.
CVE-2024-28579: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.
CVE-2024-28580: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.
CVE-2024-28581: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.
CVE-2024-28582: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.
CVE-2024-28583: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.
CVE-2024-28584: Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.
CVE-2024-31570: libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.

Created: 2023-06-11 Last update: 2024-10-04 15:01

44 security issues in sid high

There are 44 open security issues in sid.

44 important issues:

CVE-2024-9029: A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.
CVE-2019-12212: When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2020-21426: Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-24292: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24294: Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24295: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
CVE-2021-33367: Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2021-40262: A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.
CVE-2023-47992: An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.
CVE-2023-47993: A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.
CVE-2023-47994: An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.
CVE-2023-47995: Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.
CVE-2023-47996: An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.
CVE-2023-47997: An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.
CVE-2024-28562: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.
CVE-2024-28563: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.
CVE-2024-28564: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.
CVE-2024-28565: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.
CVE-2024-28566: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.
CVE-2024-28567: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.
CVE-2024-28568: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.
CVE-2024-28569: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.
CVE-2024-28570: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.
CVE-2024-28571: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.
CVE-2024-28572: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.
CVE-2024-28573: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.
CVE-2024-28574: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.
CVE-2024-28575: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.
CVE-2024-28576: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.
CVE-2024-28577: Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.
CVE-2024-28578: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.
CVE-2024-28579: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.
CVE-2024-28580: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.
CVE-2024-28581: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.
CVE-2024-28582: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.
CVE-2024-28583: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.
CVE-2024-28584: Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.
CVE-2024-31570: libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.

Created: 2022-07-04 Last update: 2024-10-04 15:01

42 security issues in buster high

There are 42 open security issues in buster.

14 important issues:

CVE-2020-24292: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24295: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
CVE-2023-47995: Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.
CVE-2023-47997: An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.
CVE-2024-28562: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.
CVE-2024-28566: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.
CVE-2024-28569: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.
CVE-2024-28571: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.
CVE-2024-28578: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.
CVE-2024-28580: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.
CVE-2024-28581: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.
CVE-2024-28582: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.
CVE-2024-28583: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.

28 issues postponed or untriaged:

CVE-2019-12212: (postponed; to be fixed through a stable update) When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: (postponed; to be fixed through a stable update) In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2020-21426: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-24294: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2021-33367: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2021-40262: (needs triaging) A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: (postponed; to be fixed through a stable update) A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: (needs triaging) NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: (needs triaging) A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: (postponed; to be fixed through a stable update) FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.
CVE-2023-47992: (postponed; to be fixed through a stable update) An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.
CVE-2023-47993: (postponed; to be fixed through a stable update) A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.
CVE-2023-47994: (postponed; to be fixed through a stable update) An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.
CVE-2023-47996: (postponed; to be fixed through a stable update) An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.
CVE-2024-28563: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.
CVE-2024-28564: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.
CVE-2024-28565: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.
CVE-2024-28567: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.
CVE-2024-28568: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.
CVE-2024-28570: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.
CVE-2024-28572: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.
CVE-2024-28573: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.
CVE-2024-28574: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.
CVE-2024-28575: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.
CVE-2024-28576: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.
CVE-2024-28577: (postponed; to be fixed through a stable update) Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.
CVE-2024-28579: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.
CVE-2024-28584: (postponed; to be fixed through a stable update) Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.

Created: 2024-03-20 Last update: 2024-04-12 00:46

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2024-02-29 00:08

44 low-priority security issues in bookworm low

There are 44 open security issues in bookworm.

44 issues left for the package maintainer to handle:

CVE-2024-9029: (needs triaging) A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.
CVE-2019-12212: (postponed; to be fixed through a stable update) When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVE-2019-12214: (postponed; to be fixed through a stable update) In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVE-2020-21426: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVE-2020-24292: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
CVE-2020-24293: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
CVE-2020-24294: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
CVE-2020-24295: (postponed; to be fixed through a stable update) Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
CVE-2021-33367: (needs triaging) Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.
CVE-2021-40262: (needs triaging) A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
CVE-2021-40263: (needs triaging) A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
CVE-2021-40264: (needs triaging) NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
CVE-2021-40265: (needs triaging) A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
CVE-2021-40266: (needs triaging) FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.
CVE-2023-47992: (postponed; to be fixed through a stable update) An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.
CVE-2023-47993: (postponed; to be fixed through a stable update) A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.
CVE-2023-47994: (postponed; to be fixed through a stable update) An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.
CVE-2023-47995: (postponed; to be fixed through a stable update) Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.
CVE-2023-47996: (postponed; to be fixed through a stable update) An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.
CVE-2023-47997: (postponed; to be fixed through a stable update) An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.
CVE-2024-28562: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.
CVE-2024-28563: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.
CVE-2024-28564: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.
CVE-2024-28565: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.
CVE-2024-28566: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.
CVE-2024-28567: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.
CVE-2024-28568: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.
CVE-2024-28569: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.
CVE-2024-28570: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.
CVE-2024-28571: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.
CVE-2024-28572: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.
CVE-2024-28573: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.
CVE-2024-28574: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.
CVE-2024-28575: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.
CVE-2024-28576: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.
CVE-2024-28577: (needs triaging) Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.
CVE-2024-28578: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.
CVE-2024-28579: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.
CVE-2024-28580: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.
CVE-2024-28581: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.
CVE-2024-28582: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.
CVE-2024-28583: (needs triaging) Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.
CVE-2024-28584: (needs triaging) Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.
CVE-2024-31570: (needs triaging) libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2024-10-04 15:01

debian/patches: 20 patches to forward upstream low

Among the 20 debian patches available in version 3.18.0+ds2-10 of the package, we noticed the following issues:

20 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-09-20 09:11

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2023-07-06 Last update: 2023-07-06 19:32

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.0 instead of 4.6.1).

Created: 2022-12-17 Last update: 2024-04-07 13:16

news

[rss feed]

[2023-12-18] Accepted freeimage 3.18.0+ds2-6+deb11u1 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2023-12-18] Accepted freeimage 3.18.0+ds2-9+deb12u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2023-12-17] Accepted freeimage 3.18.0+ds2-6+deb11u1 (source) into oldstable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2023-12-17] Accepted freeimage 3.18.0+ds2-9+deb12u1 (source) into stable-security (Debian FTP Masters) (signed by: Moritz Mühlenhoff)
[2023-11-24] Accepted freeimage 3.18.0+ds2-1+deb10u2 (source) into oldoldstable (Anton Gladky)
[2023-09-22] freeimage 3.18.0+ds2-10 MIGRATED to testing (Debian testing watch)
[2023-09-19] Accepted freeimage 3.18.0+ds2-10 (source) into unstable (Bastian Germann) (signed by: bage@debian.org)
[2023-07-17] freeimage 3.18.0+ds2-9.1 MIGRATED to testing (Debian testing watch)
[2023-07-11] Accepted freeimage 3.18.0+ds2-9.1 (source) into unstable (Adrian Bunk)
[2023-02-24] freeimage 3.18.0+ds2-9 MIGRATED to testing (Debian testing watch)
[2023-02-14] Accepted freeimage 3.18.0+ds2-9 (source) into unstable (Dima Kogan)
[2022-08-23] freeimage 3.18.0+ds2-8 MIGRATED to testing (Debian testing watch)
[2022-08-20] Accepted freeimage 3.18.0+ds2-8 (source) into unstable (Anton Gladky)
[2022-05-28] freeimage 3.18.0+ds2-7 MIGRATED to testing (Debian testing watch)
[2022-05-28] freeimage 3.18.0+ds2-7 MIGRATED to testing (Debian testing watch)
[2022-05-26] Accepted freeimage 3.18.0+ds2-7 (source) into unstable (Anton Gladky)
[2020-08-30] freeimage 3.18.0+ds2-6 MIGRATED to testing (Debian testing watch)
[2020-08-30] freeimage 3.18.0+ds2-6 MIGRATED to testing (Debian testing watch)
[2020-08-27] Accepted freeimage 3.18.0+ds2-6 (source) into unstable (Anton Gladky)
[2020-07-19] freeimage 3.18.0+ds2-5 MIGRATED to testing (Debian testing watch)
[2020-07-16] Accepted freeimage 3.18.0+ds2-5 (source) into unstable (Anton Gladky)
[2020-07-15] Accepted freeimage 3.18.0+ds2-4 (source) into unstable (Anton Gladky)
[2020-01-03] freeimage 3.18.0+ds2-3 MIGRATED to testing (Debian testing watch)
[2020-01-01] Accepted freeimage 3.18.0+ds2-3 (source) into unstable (Anton Gladky)
[2019-12-29] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Hugo Lefeuvre)
[2019-12-29] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.18.0+ds2-1+deb10u1 (source amd64 all) into stable->embargoed, stable (Hugo Lefeuvre)
[2019-12-27] Accepted freeimage 3.17.0+ds1-5+deb9u1 (source amd64 all) into oldstable->embargoed, oldstable (Hugo Lefeuvre)
[2019-12-10] Accepted freeimage 3.15.4-4.2+deb8u2 (source amd64) into oldoldstable (Hugo Lefeuvre)
[2019-01-08] freeimage 3.18.0+ds2-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 21
RC: 0
I&N: 19
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian (0, 2)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.18.0+ds2-10build4
5 bugs (2 patches)