-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : freeimage Version : 3.15.4-4.2+deb8u2 CVE ID : CVE-2019-12211 CVE-2019-12213 Debian Bug : 929597
It was found that freeimage, a graphics library, was affected by the following two security issues: CVE-2019-12211 Heap buffer overflow caused by invalid memcpy in PluginTIFF. This flaw might be leveraged by remote attackers to trigger denial of service or any other unspecified impact via crafted TIFF data. CVE-2019-12213 Stack exhaustion caused by unwanted recursion in PluginTIFF. This flaw might be leveraged by remote attackers to trigger denial of service via crafted TIFF data. For Debian 8 "Jessie", these problems have been fixed in version 3.15.4-4.2+deb8u2. We recommend that you upgrade your freeimage packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl3vylAACgkQEeMFjl5E GkJAjQwAmsgpg0WZCWgPBEEwsHI6lJQZ7YUbqTdxXfuA/TqZrsWvtjT9I7ZR9InY zGG7Yi1cAsuWCT7WOhlX+/QNFxkVBv0to4Bhv3JoOIMY/RK6HImD9ej9M2WdkLRr enPjAAwouHIZyfTt2ld9ODC5XX+Gy5Mz0TyoCZDaDQ8UbLkYJQZG3bvAOttzgQaA 3oZtncEbcs5UVbpFtxDewuR2Zf9pJnUmVWRmxVEE5jxiWDrlbish5PeuteL16HeY pnT1ClZBo1jrAy5asKUohYKLl6WwuoQoCMjy31VYChjVikH5qtub5NJTh5jXnnoQ 2A58bEAJK64swb4Anq/tttKwIwAb53rJJbn5PtIonDAr5BYeywZZXmbRBMRtu51b rnvrU1pJrNFFzUaf09ek4Duvrk9rH8Kz2ZADBjeXQYi477M8IvfxWAA2Ky4GryCS pN4xz4HQPlNO2crA38OtlH2HdYnhosuqfHUkwLI/IvaBeqvhfpd4PyvhfJLyVPcs Lp46A9qi =EXjY -----END PGP SIGNATURE-----