Source: freeimage X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerability was published for freeimage. CVE-2020-21427[0]: | Buffer Overflow vulnerability in function LoadPixelDataRLE8 in | PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run | arbitrary code and cause other impacts via crafted image file. https://sourceforge.net/p/freeimage/bugs/298/ The bug mentions "fixed in the SVN version", but it's unclear in which version and when. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-21427 https://www.cve.org/CVERecord?id=CVE-2020-21427 Please adjust the affected versions in the BTS as needed.