Source: freeimage
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for freeimage.

CVE-2020-24292[0]:
| Buffer Overflow vulnerability in load function in PluginICO.cpp in
| FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary
| code via opening of crafted ico file.

CVE-2020-24293[1]:
| Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp
| in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary
| code via opening of crafted psd file.

CVE-2020-24294[2]:
| Buffer Overflow vulnerability in psdParser::UnpackRLE function in
| PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to
| cause a denial of service via opening of crafted psd file.

CVE-2020-24295[3]:
| Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in
| FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary
| code via use of crafted psd file.

All reported at
https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/
but so far without upstream reaction.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-24292
    https://www.cve.org/CVERecord?id=CVE-2020-24292
[1] https://security-tracker.debian.org/tracker/CVE-2020-24293
    https://www.cve.org/CVERecord?id=CVE-2020-24293
[2] https://security-tracker.debian.org/tracker/CVE-2020-24294
    https://www.cve.org/CVERecord?id=CVE-2020-24294
[3] https://security-tracker.debian.org/tracker/CVE-2020-24295
    https://www.cve.org/CVERecord?id=CVE-2020-24295

Please adjust the affected versions in the BTS as needed.

