[Git][security-tracker-team/security-tracker][master] Add new freeimage issues unfortunately with no clear upstream report status

Wed, 10 Jan 2024 07:38:14 -0800 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b453e7dd by Salvatore Bonaccorso at 2024-01-10T16:36:54+01:00
Add new freeimage issues unfortunately with no clear upstream report status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47,17 +47,28 @@ CVE-2023-50136 (Cross Site Scripting (XSS) vulnerability in 
JFinalcms 5.0.0 allo
 CVE-2023-48864 (SEMCMS v4.8 was discovered to contain a SQL injection 
vulnerability vi ...)
        NOT-FOR-US: SEMCMS
 CVE-2023-47997 (An issue discovered in 
BitmapAccess.cpp::FreeImage_AllocateBitmap in F ...)
-       TODO: check
+       - freeimage <unfixed>
+       NOTE: 
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
+       TODO: check upstream reporting status
 CVE-2023-47996 (An integer overflow vulnerability in 
Exif.cpp::jpeg_read_exif_dir in F ...)
-       TODO: check
+       - freeimage <unfixed>
+       NOTE: 
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996
+       TODO: check upstream reporting status
 CVE-2023-47995 (Buffer Overflow vulnerability in 
BitmapAccess.cpp::FreeImage_AllocateB ...)
-       TODO: check
+       - freeimage <unfixed>
+       TODO: check no sensible references in CVE entry
 CVE-2023-47994 (An integer overflow vulnerability in LoadPixelDataRLE4 
function in Plu ...)
-       TODO: check
+       - freeimage <unfixed>
+       NOTE: 
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47994
+       TODO: check upstream reporting status
 CVE-2023-47993 (A Buffer out-of-bound read vulnerability in 
Exif.cpp::ReadInt32 in Fre ...)
-       TODO: check
+       - freeimage <unfixed>
+       NOTE: 
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47993
+       TODO: check upstream reporting status
 CVE-2023-47992 (An integer overflow vulnerability in 
FreeImageIO.cpp::_MemoryReadProc  ...)
-       TODO: check
+       - freeimage <unfixed>
+       NOTE: 
https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47992
+       TODO: check upstream reporting status
 CVE-2023-41781 (There is a Cross-sitescripting (XSS) vulnerability in ZTE 
MF258. Due t ...)
        NOT-FOR-US: ZTE
 CVE-2023-3043 (AMI\u2019s SPx contains a vulnerability in the BMC where an 
Attacker m ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b453e7dd76e41a2400b9ce76d037e6f1eb096a7e

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b453e7dd76e41a2400b9ce76d037e6f1eb096a7e
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to