Lucene search

DebianDEBIAN:DLA-2031-1:768A5

HistoryDec 10, 2019 - 4:41 p.m.

[SECURITY] [DLA 2031-1] freeimage security update

2019-12-1016:41:02

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.6

Confidence

High

EPSS

0.008

Percentile

81.9%

JSON

Package : freeimage
Version : 3.15.4-4.2+deb8u2
CVE ID : CVE-2019-12211 CVE-2019-12213
Debian Bug : 929597

It was found that freeimage, a graphics library, was affected by the following
two security issues:

CVE-2019-12211

Heap buffer overflow caused by invalid memcpy in PluginTIFF. This flaw
might be leveraged by remote attackers to trigger denial of service or any
other unspecified impact via crafted TIFF data.

CVE-2019-12213

Stack exhaustion caused by unwanted recursion in PluginTIFF. This flaw
might be leveraged by remote attackers to trigger denial of service via
crafted TIFF data.

For Debian 8 "Jessie", these problems have been fixed in version
3.15.4-4.2+deb8u2.

We recommend that you upgrade your freeimage packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8i386libfreeimage-dev< 3.15.4-4.2+deb8u2libfreeimage-dev_3.15.4-4.2+deb8u2_i386.deb
Debian10arm64libfreeimage-dev< 3.18.0+ds2-1+deb10u1libfreeimage-dev_3.18.0+ds2-1+deb10u1_arm64.deb
Debian10mipsellibfreeimageplus3< 3.18.0+ds2-1+deb10u1libfreeimageplus3_3.18.0+ds2-1+deb10u1_mipsel.deb
Debian10armhflibfreeimageplus3-dbgsym< 3.18.0+ds2-1+deb10u1libfreeimageplus3-dbgsym_3.18.0+ds2-1+deb10u1_armhf.deb
Debian10armhflibfreeimage-dev< 3.18.0+ds2-1+deb10u1libfreeimage-dev_3.18.0+ds2-1+deb10u1_armhf.deb
Debian10mipslibfreeimage3-dbgsym< 3.18.0+ds2-1+deb10u1libfreeimage3-dbgsym_3.18.0+ds2-1+deb10u1_mips.deb
Debian9mips64ellibfreeimageplus3< 3.17.0+ds1-5+deb9u1libfreeimageplus3_3.17.0+ds1-5+deb9u1_mips64el.deb
Debian10i386libfreeimage-dev< 3.18.0+ds2-1+deb10u1libfreeimage-dev_3.18.0+ds2-1+deb10u1_i386.deb
Debian8armhflibfreeimage-dev< 3.15.4-4.2+deb8u2libfreeimage-dev_3.15.4-4.2+deb8u2_armhf.deb
Debian10amd64libfreeimage3-dbgsym< 3.18.0+ds2-1+deb10u1libfreeimage3-dbgsym_3.18.0+ds2-1+deb10u1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	libfreeimage-dev	< 3.15.4-4.2+deb8u2	libfreeimage-dev_3.15.4-4.2+deb8u2_i386.deb
Debian	10	arm64	libfreeimage-dev	< 3.18.0+ds2-1+deb10u1	libfreeimage-dev_3.18.0+ds2-1+deb10u1_arm64.deb
Debian	10	mipsel	libfreeimageplus3	< 3.18.0+ds2-1+deb10u1	libfreeimageplus3_3.18.0+ds2-1+deb10u1_mipsel.deb
Debian	10	armhf	libfreeimageplus3-dbgsym	< 3.18.0+ds2-1+deb10u1	libfreeimageplus3-dbgsym_3.18.0+ds2-1+deb10u1_armhf.deb
Debian	10	armhf	libfreeimage-dev	< 3.18.0+ds2-1+deb10u1	libfreeimage-dev_3.18.0+ds2-1+deb10u1_armhf.deb
Debian	10	mips	libfreeimage3-dbgsym	< 3.18.0+ds2-1+deb10u1	libfreeimage3-dbgsym_3.18.0+ds2-1+deb10u1_mips.deb
Debian	9	mips64el	libfreeimageplus3	< 3.17.0+ds1-5+deb9u1	libfreeimageplus3_3.17.0+ds1-5+deb9u1_mips64el.deb
Debian	10	i386	libfreeimage-dev	< 3.18.0+ds2-1+deb10u1	libfreeimage-dev_3.18.0+ds2-1+deb10u1_i386.deb
Debian	8	armhf	libfreeimage-dev	< 3.15.4-4.2+deb8u2	libfreeimage-dev_3.15.4-4.2+deb8u2_armhf.deb
Debian	10	amd64	libfreeimage3-dbgsym	< 3.18.0+ds2-1+deb10u1	libfreeimage3-dbgsym_3.18.0+ds2-1+deb10u1_amd64.deb