Ola Lundqvist pushed to branch master at Debian Security Tracker / security-tracker


Commits:
08bd7be3 by Ola Lundqvist at 2024-04-14T13:48:42+02:00
CVE-2019-12214 update for openjpeg and freeimage

  Updated the information for CVE-2019-12214 based on information in
  https://lists.debian.org/debian-lts/2024/04/msg00081.html

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -347217,13 +347217,17 @@ CVE-2019-12214 (In FreeImage 3.18.0, an 
out-of-bounds access occurs because of m
        - freeimage <unfixed> (bug #947478)
        [bookworm] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [bullseye] - freeimage <postponed> (Revisit when upstream fixes are 
available)
-       [buster] - freeimage <postponed> (Revisit when upstream fixes are 
available)
+       [buster] - freeimage <not-affected> (Do not include openjpeg copy since 
3.10.0-3)
+       [buster] - openjpeg2 2.1.0-1
        [stretch] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        [jessie] - freeimage <postponed> (Revisit when upstream fixes are 
available)
        NOTE: 
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
        NOTE: very few information regarding this vulnerability, which is 
seemingly located
        NOTE: in libopenjpeg, not freeimage. Without reproducer or stacktrace, 
this is
        NOTE: nearly unfixable.
+       NOTE: Turned out that the issue is not in freeimage at all, but rather 
in openjpeg.
+       NOTE: For more information see 
https://lists.debian.org/debian-lts/2024/04/msg00058.html
+       NOTE: and more specifically 
https://lists.debian.org/debian-lts/2024/04/msg00081.html
 CVE-2019-12213 (When FreeImage 3.18.0 reads a special TIFF file, the 
TIFFReadDirectory ...)
        {DSA-4593-1 DLA-2031-1}
        - freeimage 3.18.0+ds2-3 (bug #929597)
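
Review bot: the new NOTE says the issue "is not in freeimage at all, but rather in openjpeg", yet only the buster line is changed to <not-affected>. The unsuffixed "- freeimage <unfixed> (bug #947478)" entry and the bookworm, bullseye, stretch and jessie lines still read <postponed> with "Revisit when upstream fixes are available". If the buster reason (no embedded openjpeg copy since 3.10.0-3) also holds for the other releases, they should get the same treatment in this change; if it does not, a NOTE saying which freeimage versions still bundle the openjpeg copy would make the remaining entries understandable. Separately, "[buster] - openjpeg2 2.1.0-1" is added as a release-specific line in the middle of the freeimage entries, with no unsuffixed "- openjpeg2 ..." entry for the package and nothing in the NOTEs identifying the upstream openjpeg change that 2.1.0-1 is supposed to contain. Consider adding the general openjpeg2 entry, grouping the openjpeg2 lines after the freeimage ones, and recording the fixing commit or version reference in a NOTE so the claim can be checked without reading both list threads.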



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/08bd7be3935f565a9252bc5f9581885b405cc758



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
