[Secure-testing-commits] r45054 - data/CVE

[Salvatore Bonaccorso]

Author: carnil
Date: 2016-10-05 07:50:51 +0000 (Wed, 05 Oct 2016)
New Revision: 45054

Modified:
   data/CVE/list
Log:
Add CVE-2016-5684/freeimage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-10-05 07:49:15 UTC (rev 45053)
+++ data/CVE/list	2016-10-05 07:50:51 UTC (rev 45054)
@@ -8484,8 +8484,12 @@
 	RESERVED
 CVE-2016-5685
 	RESERVED
-CVE-2016-5684
+CVE-2016-5684 [XMP Image Handling Code Execution Vulnerability]
 	RESERVED
+	- freeimage <unfixed>
+	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0189/
+	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18
+	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19
 CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL Server ...)
 	TODO: check
 CVE-2016-5682