Bug#1059152: freeimage: CVE-2020-24292 CVE-2020-24293 CVE-2020-24294 CVE-2020-24295
Moritz Mühlenhoff
jmm at inutil.org
Wed Dec 20 15:58:23 GMT 2023
Source: freeimage
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for freeimage.
CVE-2020-24292[0]:
| Buffer Overflow vulnerability in load function in PluginICO.cpp in
| FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary
| code via opening of crafted ico file.
CVE-2020-24293[1]:
| Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp
| in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary
| code via opening of crafted psd file.
CVE-2020-24294[2]:
| Buffer Overflow vulnerability in psdParser::UnpackRLE function in
| PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to
| cause a denial of service via opening of crafted psd file.
CVE-2020-24295[3]:
| Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in
| FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary
| code via use of crafted psd file.
All reported at
https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
but so far without upstream reaction.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-24292
https://www.cve.org/CVERecord?id=CVE-2020-24292
[1] https://security-tracker.debian.org/tracker/CVE-2020-24293
https://www.cve.org/CVERecord?id=CVE-2020-24293
[2] https://security-tracker.debian.org/tracker/CVE-2020-24294
https://www.cve.org/CVERecord?id=CVE-2020-24294
[3] https://security-tracker.debian.org/tracker/CVE-2020-24295
https://www.cve.org/CVERecord?id=CVE-2020-24295
Please adjust the affected versions in the BTS as needed.
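The report asks that whoever fixes these issues reference the CVE ids in the Debian changelog entry. The script below is an added example, not part of the bug report or of the freeimage package: it parses a debian/changelog (standard format: a "package (version) distribution;" header line, indented bullet lines, a " -- maintainer" trailer) and reports which of the four CVE ids the newest entry fails to mention, plus the version in which each id first appears. The changelog text is a constructed sample, and the version strings and maintainer in it are made up for illustration.

```python
import re

# Constructed sample debian/changelog (not the real freeimage package history).
# The newest entry deliberately omits CVE-2020-24292 so the check has something to flag.
SAMPLE_CHANGELOG = """\
freeimage (3.18.0+ds2-10) unstable; urgency=medium

  * Backport fixes for PSDParser.cpp buffer overflows.
    (CVE-2020-24293, CVE-2020-24294, CVE-2020-24295) (Closes: #1059152)

 -- Example Maintainer <maint@example.org>  Thu, 21 Dec 2023 10:00:00 +0000

freeimage (3.18.0+ds2-9) unstable; urgency=medium

  * Rebuild against new libraw.

 -- Example Maintainer <maint@example.org>  Mon, 01 May 2023 10:00:00 +0000
"""

# The ids from this bug report.
EXPECTED_CVES = [
    "CVE-2020-24292",
    "CVE-2020-24293",
    "CVE-2020-24294",
    "CVE-2020-24295",
]

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
# Entry header: "<source> (<version>) <dist>; ..." at the start of a line.
# Bullet and trailer lines are indented, so they never match.
ENTRY_RE = re.compile(r"^(\S+) \(([^)]+)\) ", re.MULTILINE)


def changelog_entries(text):
    """Split a debian/changelog into (version, entry_text) tuples, newest first."""
    starts = [m.start() for m in ENTRY_RE.finditer(text)]
    entries = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(text)
        chunk = text[start:end]
        version = ENTRY_RE.match(chunk).group(2)
        entries.append((version, chunk))
    return entries


def cves_in_entry(entry_text):
    """All CVE ids referenced anywhere in one changelog entry."""
    return set(CVE_RE.findall(entry_text))


def missing_cves(text, expected):
    """Return (newest_version, sorted list of expected ids the newest entry omits)."""
    version, body = changelog_entries(text)[0]
    return version, sorted(set(expected) - cves_in_entry(body))


def cve_fix_versions(text):
    """Map each CVE id to the oldest entry (i.e. first upload) that mentions it."""
    first_seen = {}
    for version, body in reversed(changelog_entries(text)):  # oldest first
        for cve in cves_in_entry(body):
            first_seen.setdefault(cve, version)
    return first_seen


if __name__ == "__main__":
    version, missing = missing_cves(SAMPLE_CHANGELOG, EXPECTED_CVES)
    print(f"newest entry: {version}")
    print("missing CVE ids:", ", ".join(missing) or "none")
    for cve, ver in sorted(cve_fix_versions(SAMPLE_CHANGELOG).items()):
        print(f"{cve} first referenced in {ver}")
```

Run it against the real file with `python3 check.py < debian/changelog` after swapping the sample for `sys.stdin.read()`; a non-empty "missing" list means the upload would not be picked up by tooling that greps changelogs for CVE ids, which is exactly why the report asks for them.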