Search...

CVE-2015-0852

2015-09-29T14:59:00

ID CVE-2015-0852
Type cve
Reporter NVD
Modified 2017-06-30T21:29:13

Description

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.

JSON Vulners Source

Initial Source

{"title": "CVE-2015-0852", "reporter": "NVD", "published": "2015-09-29T14:59:00", "cpe": ["cpe:/a:freeimage_project:freeimage:3.17.0"], "cvelist": ["CVE-2015-0852"], "viewCount": 0, "objectVersion": "1.3", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0852", "bulletinFamily": "NVD", "hashmap": [{"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "d9c6a844c8a7581633d695b3c496958e", "key": "cpe"}, {"hash": "6780c465baf2b21c3ae30385b7fb1938", "key": "cvelist"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "20f5cea6c17e7137aad03dd68632812c", "key": "description"}, {"hash": "3bf638e1fedb2e2f60a9da3180c7640f", "key": "href"}, {"hash": "547badc2653520c7aed8f19f496ee990", "key": "modified"}, {"hash": "c9e4111eb18b54bf620e86dbae883dd8", "key": "published"}, {"hash": "e1933f2c0cf1392976b40fd08d095d3a", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "6685f5e5206431e145d64fa79c9b1f50", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}], "history": [{"bulletin": {"reporter": "NVD", "published": "2015-09-29T14:59:00", "cvelist": ["CVE-2015-0852"], "title": "CVE-2015-0852", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0852", "bulletinFamily": "NVD", "id": "CVE-2015-0852", "history": [], "scanner": [], "cpe": ["cpe:/a:freeimage_project:freeimage:3.17.0"], "modified": "2015-09-30T13:39:13", "hash": "d8c1567ef1b31cb9694aa313fc04828221dd1f4d59f707eb6eefb1204ff01573", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "viewCount": 0, "edition": 1, "assessment": {"name": "", "href": "", "system": ""}, "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165", "http://www.openwall.com/lists/oss-security/2015/08/28/1"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d9c6a844c8a7581633d695b3c496958e", "key": "cpe"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "6685f5e5206431e145d64fa79c9b1f50", "key": "title"}, {"hash": "6780c465baf2b21c3ae30385b7fb1938", "key": "cvelist"}, {"hash": "b73c6a44a4842e2109cb9f029a2fb887", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "3bf638e1fedb2e2f60a9da3180c7640f", "key": "href"}, {"hash": "c9e4111eb18b54bf620e86dbae883dd8", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "20f5cea6c17e7137aad03dd68632812c", "key": "description"}, {"hash": "c84c8e917df26c6a175d8b04859fa2cc", "key": "modified"}], "lastseen": "2016-09-03T22:00:20", "description": "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window."}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T22:00:20"}, {"bulletin": {"reporter": "NVD", "published": "2015-09-29T14:59:00", "cvelist": ["CVE-2015-0852"], "title": "CVE-2015-0852", "objectVersion": "1.2", "description": "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0852", "bulletinFamily": "NVD", "id": "CVE-2015-0852", "history": [], "scanner": [], "enchantments": {}, "modified": "2016-12-07T22:07:00", "hash": "52c08e3f316dbadcf3529637bc38df9a9f780d6a1513e3aa50a1b48f74b580fb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "viewCount": 0, "edition": 2, "cpe": ["cpe:/a:freeimage_project:freeimage:3.17.0"], "references": ["http://www.securitytracker.com/id/1034077", "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html", "http://www.debian.org/security/2015/dsa-3392", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165", "http://www.openwall.com/lists/oss-security/2015/08/28/1", "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html"], "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "9309df143bc1f7a24876e9df81ef8693", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "d9c6a844c8a7581633d695b3c496958e", "key": "cpe"}, {"hash": "6685f5e5206431e145d64fa79c9b1f50", "key": "title"}, {"hash": "6780c465baf2b21c3ae30385b7fb1938", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "400af0431cd459c80e0d911f26a0ef43", "key": "modified"}, {"hash": "3bf638e1fedb2e2f60a9da3180c7640f", "key": "href"}, {"hash": "c9e4111eb18b54bf620e86dbae883dd8", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "84813b1457b92d6ba1174abffbb83a2f", "key": "cvss"}, {"hash": "20f5cea6c17e7137aad03dd68632812c", "key": "description"}], "lastseen": "2017-04-18T15:56:00", "assessment": {"name": "", "href": "", "system": ""}}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-04-18T15:56:00"}], "scanner": [], "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "modified": "2017-06-30T21:29:13", "hash": "383795012fe3d205cd13b41cfa6c802f473548b486665a949d8afc04560f20ab", "enchantments": {"vulnersScore": 5.0}, "edition": 3, "description": "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.", "references": ["http://www.securitytracker.com/id/1034077", "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html", "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html", "https://security.gentoo.org/glsa/201701-68", "http://www.debian.org/security/2015/dsa-3392", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165", "http://www.openwall.com/lists/oss-security/2015/08/28/1", "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html"], "id": "CVE-2015-0852", "lastseen": "2017-07-01T10:43:18", "assessment": {"name": "", "href": "", "system": ""}}

{"result": {"debian": [{"id": "DLA-327", "type": "debian", "title": "freeimage -- LTS security update", "description": "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.", "published": "2015-10-18T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-327", "cvelist": ["CVE-2015-0852"], "lastseen": "2016-09-02T12:57:31"}, {"id": "DSA-3392", "type": "debian", "title": "freeimage -- security update", "description": "Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image.\n\nFor the oldstable distribution (wheezy), this problem has been fixed in version 3.15.1-1.1.\n\nFor the stable distribution (jessie), this problem has been fixed in version 3.15.4-4.2.\n\nFor the testing distribution (stretch) and unstable distribution (sid), this problem has been fixed in version 3.15.4-6.\n\nWe recommend that you upgrade your freeimage packages.", "published": "2015-11-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3392", "cvelist": ["CVE-2015-0852"], "lastseen": "2016-09-02T18:25:51"}], "nessus": [{"id": "FEDORA_2015-16104.NASL", "type": "nessus", "title": "Fedora 21 : freeimage-3.10.0-23.fc21 (2015-16104)", "description": "This update resolves CVE-2015-0852.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-10-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86236", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-10-29T13:37:31"}, {"id": "DEBIAN_DLA-327.NASL", "type": "nessus", "title": "Debian DLA-327-1 : freeimage security update", "description": "Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-10-19T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86428", "cvelist": ["CVE-2015-0852"], "lastseen": "2018-07-07T02:04:05"}, {"id": "FREEBSD_PKG_33459061A1D611E58794BCAEC565249C.NASL", "type": "nessus", "title": "FreeBSD : freeimage -- multiple integer overflows (33459061-a1d6-11e5-8794-bcaec565249c)", "description": "Pcheng pcheng reports :\n\nAn integer overflow issue in the FreeImage project was reported and fixed recently.", "published": "2015-12-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87361", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-10-29T13:33:17"}, {"id": "FEDORA_2015-DECBAB7C9F.NASL", "type": "nessus", "title": "Fedora 23 : mingw-freeimage-3.17.0-1.fc23 (2015-decbab7c9f)", "description": "Update to version 3.17.0, see http://freeimage.sourceforge.net/news.html for details. This update also includes a patch for CVE-2015-0852.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-03-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=89438", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-10-29T13:34:09"}, {"id": "FEDORA_2015-16105.NASL", "type": "nessus", "title": "Fedora 22 : freeimage-3.10.0-23.fc22 (2015-16105)", "description": "This update resolves CVE-2015-0852.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-10-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86237", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-10-29T13:38:28"}, {"id": "DEBIAN_DSA-3392.NASL", "type": "nessus", "title": "Debian DSA-3392-1 : freeimage - security update", "description": "Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image.", "published": "2015-11-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86727", "cvelist": ["CVE-2015-0852"], "lastseen": "2018-07-12T17:30:50"}, {"id": "FEDORA_2015-992342E82F.NASL", "type": "nessus", "title": "Fedora 22 : mingw-freeimage-3.15.4-6.fc22 (2015-992342e82f)", "description": "This update fixes CVE-2015-0852.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-03-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=89334", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-10-29T13:32:49"}, {"id": "FEDORA_2015-16106.NASL", "type": "nessus", "title": "Fedora 23 : freeimage-3.17.0-1.fc23 (2015-16106)", "description": "Update to version 3.17.0, see http://freeimage.sourceforge.net/news.html for details. This update includes a patch for CVE-2015-0852.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-09-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86173", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-10-29T13:46:13"}, {"id": "GENTOO_GLSA-201701-68.NASL", "type": "nessus", "title": "GLSA-201701-68 : FreeImage: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201701-68 (FreeImage: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in in FreeImage. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker, by enticing a user to process a specially crafted image file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "published": "2017-01-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96854", "cvelist": ["CVE-2015-0852", "CVE-2016-5684"], "lastseen": "2017-10-29T13:43:33"}], "openvas": [{"id": "OPENVAS:1361412562310130047", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0339", "description": "Mageia Linux Local Security Checks mgasa-2015-0339", "published": "2015-10-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130047", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-07-24T12:53:05"}, {"id": "OPENVAS:1361412562310869975", "type": "openvas", "title": "Fedora Update for freeimage FEDORA-2015-16104", "description": "Check the version of freeimage", "published": "2015-10-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869975", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-07-25T10:52:35"}, {"id": "OPENVAS:703392", "type": "openvas", "title": "Debian Security Advisory DSA 3392-1 (freeimage - security update)", "description": "Pengsu Cheng discovered that FreeImage,\na library for graphic image formats, contained multiple integer underflows that\ncould lead to a denial of service: remote attackers were able to trigger a crash by\nsupplying a specially crafted image.", "published": "2015-11-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703392", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-07-24T12:52:36"}, {"id": "OPENVAS:1361412562310806726", "type": "openvas", "title": "Fedora Update for mingw-freeimage FEDORA-2015-992342", "description": "Check the version of mingw-freeimage", "published": "2015-11-24T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310806726", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-07-25T10:53:32"}, {"id": "OPENVAS:1361412562310869980", "type": "openvas", "title": "Fedora Update for freeimage FEDORA-2015-16105", "description": "Check the version of freeimage", "published": "2015-10-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869980", "cvelist": ["CVE-2015-0852"], "lastseen": "2017-07-25T10:53:23"}, {"id": "OPENVAS:1361412562310703392", "type": "openvas", "title": "Debian Security Advisory DSA 3392-1 (freeimage - security update)", "description": "Pengsu Cheng discovered that FreeImage,\na library for graphic image formats, contained multiple integer underflows that\ncould lead to a denial of service: remote attackers were able to trigger a crash by\nsupplying a specially crafted image.", "published": "2015-11-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703392", "cvelist": ["CVE-2015-0852"], "lastseen": "2018-04-06T11:25:14"}], "freebsd": [{"id": "33459061-A1D6-11E5-8794-BCAEC565249C", "type": "freebsd", "title": "freeimage -- multiple integer overflows", "description": "\nPcheng pcheng reports:\n\nAn integer overflow issue in the FreeImage project was\n\t reported and fixed recently.\n\n", "published": "2015-08-28T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/33459061-a1d6-11e5-8794-bcaec565249c.html", "cvelist": ["CVE-2015-0852"], "lastseen": "2016-09-26T17:24:12"}], "gentoo": [{"id": "GLSA-201701-68", "type": "gentoo", "title": "FreeImage: Multiple vulnerabilities", "description": "### Background\n\nFreeImage is an Open Source library project for developers who would like to support popular graphics image formats like PNG, BMP, JPEG, TIFF and others as needed by today\u2019s multimedia applications. \n\n### Description\n\nMultiple vulnerabilities have been discovered in in FreeImage. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by enticing a user to process a specially crafted image file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll FreeImage users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/freeimage-3.15.4-r1\"", "published": "2017-01-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201701-68", "cvelist": ["CVE-2015-0852", "CVE-2016-5684"], "lastseen": "2017-01-29T16:59:40"}]}}