Bug#1051736: freeimage: CVE-2020-21426
Moritz Mühlenhoff
jmm at inutil.org
Mon Sep 11 22:01:23 BST 2023
Source: freeimage
X-Debbugs-CC: team at security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for freeimage.
CVE-2020-21426[0]:
| Buffer Overflow vulnerability in function C_IStream::read in
| PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run
| arbitrary code and cause other impacts via crafted image file.
https://sourceforge.net/p/freeimage/bugs/300/
The bug mentions "fixed in the SVN" version, but it's unclear with which
commit and when.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-21426
https://www.cve.org/CVERecord?id=CVE-2020-21426
Please adjust the affected versions in the BTS as needed.
More information about the debian-science-maintainers
mailing list