
Ubuntu 18.04 LTS: USN-4529-1 Moderate: FreeImage Buffer Overflow

September 22, 2020
This update for FreeImage on Ubuntu fixes memory-handling vulnerabilities.

Summary

Several security issues were fixed in FreeImage.

Software Description:

- freeimage: Support library for graphics image formats

Details:

It was discovered that FreeImage incorrectly handled certain memory
operations. If a user were tricked into opening a crafted TIFF file, a
remote attacker could use this issue to cause a heap buffer overflow,
resulting in a denial of service attack. (CVE-2019-12211)

It was discovered that FreeImage incorrectly processed images under
certain circumstances. If a user were tricked into opening a crafted
TIFF file, a remote attacker could possibly use this issue to cause a
stack exhaustion condition, resulting in a denial of service attack.
(CVE-2019-12213)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libfreeimage-dev                3.17.0+ds1-5+deb9u1build0.18.04.1
  libfreeimage3                   3.17.0+ds1-5+deb9u1build0.18.04.1
  libfreeimageplus-dev            3.17.0+ds1-5+deb9u1build0.18.04.1
  libfreeimageplus3               3.17.0+ds1-5+deb9u1build0.18.04.1

In general, a standard system update will make all the necessary changes.
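
To confirm that a host has actually reached the fixed versions listed above, the following added example (not part of the advisory and not Ubuntu's own tooling) compares installed versions against the fixed version using the Debian ordering rules from deb-version(7). The function names and the `SAMPLE` inventory are assumptions constructed for illustration.

```python
import re

# Fixed version for Ubuntu 18.04 LTS, copied from the advisory text.
FIXED = "3.17.0+ds1-5+deb9u1build0.18.04.1"
PACKAGES = ("libfreeimage-dev", "libfreeimage3",
            "libfreeimageplus-dev", "libfreeimageplus3")
DIGITS = "0123456789"

def _order(ch):
    """Sort weight of one character per deb-version(7); '~' sorts lowest."""
    if ch in DIGITS:            # also true for "" (end of string)
        return 0
    return -1 if ch == "~" else ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare by alternating runs: text by weight, digits numerically."""
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and a[i] not in DIGITS) or \
              (j < len(b) and b[j] not in DIGITS):
            wa, wb = _order(a[i:i + 1]), _order(b[j:j + 1])
            if wa != wb:
                return wa - wb
            i, j = i + 1, j + 1
        # An empty digit run counts as 0.
        da, db = (re.match("[0-9]*", s).group() for s in (a[i:], b[j:]))
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):   # 'epoch:upstream-revision'; epoch and revision are optional
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_cmp(v1, v2):
    """Return <0, 0 or >0 as v1 sorts before, equal to or after v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(installed):
    """Map each package named in the advisory to its patch status."""
    return {p: "not installed" if p not in installed
            else "vulnerable" if deb_cmp(installed[p], FIXED) < 0
            else "patched" for p in PACKAGES}

# Constructed inventory for illustration, not read from a real host.
SAMPLE = {"libfreeimage3": "3.17.0+ds1-5build2", "libfreeimage-dev": FIXED,
          "libfreeimageplus3": "3.18.0+ds2-1ubuntu3"}
```

On a real system the inventory passed to `audit()` can be built from the output of `dpkg-query -W -f='${Package} ${Version}\n'`.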

References

https://ubuntu.com/security/notices/USN-4529-1

CVE-2019-12211, CVE-2019-12213
