[Git][security-tracker-team/security-tracker][master] Add new freeimage issues unfortunately with no clear upstream report status

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Jan 10 15:38:07 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b453e7dd by Salvatore Bonaccorso at 2024-01-10T16:36:54+01:00
Add new freeimage issues unfortunately with no clear upstream report status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,17 +47,28 @@ CVE-2023-50136 (Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allo
 CVE-2023-48864 (SEMCMS v4.8 was discovered to contain a SQL injection vulnerability vi ...)
 	NOT-FOR-US: SEMCMS
 CVE-2023-47997 (An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in F ...)
-	TODO: check
+	- freeimage <unfixed>
+	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
+	TODO: check upstream reporting status
 CVE-2023-47996 (An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in F ...)
-	TODO: check
+	- freeimage <unfixed>
+	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996
+	TODO: check upstream reporting status
 CVE-2023-47995 (Buffer Overflow vulnerability in BitmapAccess.cpp::FreeImage_AllocateB ...)
-	TODO: check
+	- freeimage <unfixed>
+	TODO: check no sensible references in CVE entry
 CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4 function in Plu ...)
-	TODO: check
+	- freeimage <unfixed>
+	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47994
+	TODO: check upstream reporting status
 CVE-2023-47993 (A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in Fre ...)
-	TODO: check
+	- freeimage <unfixed>
+	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47993
+	TODO: check upstream reporting status
 CVE-2023-47992 (An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc  ...)
-	TODO: check
+	- freeimage <unfixed>
+	NOTE: https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47992
+	TODO: check upstream reporting status
 CVE-2023-41781 (There is a Cross-sitescripting (XSS) vulnerability in ZTE MF258. Due t ...)
 	NOT-FOR-US: ZTE
 CVE-2023-3043 (AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker m ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b453e7dd76e41a2400b9ce76d037e6f1eb096a7e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b453e7dd76e41a2400b9ce76d037e6f1eb096a7e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240110/184ea9b7/attachment.htm>

More information about the debian-security-tracker-commits mailing list