OESA-2024-2305

FreeImage is a library project for developers who would like to support popular graphics image formats (PNG, JPEG, TIFF, BMP and others). Some highlights are: extremely simple in use, not limited to the local PC (unique FreeImageIO) and Plugin driven!

Security Fix(es):

Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.(CVE-2020-24292)

Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.(CVE-2020-24293)

Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.(CVE-2020-24295)

Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.(CVE-2021-33367)

A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.(CVE-2021-40263)

FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.(CVE-2021-40266)

Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.(CVE-2023-47995)

An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.(CVE-2023-47997)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / freeimage

Package

Name: freeimage
Purl: pkg:rpm/openEuler/freeimage&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-7.oe2003sp4

Ecosystem specific

{
    "src": [
        "freeimage-3.18.0-7.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "freeimage-3.18.0-7.oe2003sp4.x86_64.rpm",
        "freeimage-devel-3.18.0-7.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "freeimage-3.18.0-7.oe2003sp4.aarch64.rpm",
        "freeimage-devel-3.18.0-7.oe2003sp4.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / freeimage

Package

Name: freeimage
Purl: pkg:rpm/openEuler/freeimage&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-11.oe2203sp1

Ecosystem specific

{
    "src": [
        "freeimage-3.18.0-11.oe2203sp1.src.rpm"
    ],
    "x86_64": [
        "freeimage-3.18.0-11.oe2203sp1.x86_64.rpm",
        "freeimage-debuginfo-3.18.0-11.oe2203sp1.x86_64.rpm",
        "freeimage-debugsource-3.18.0-11.oe2203sp1.x86_64.rpm",
        "freeimage-devel-3.18.0-11.oe2203sp1.x86_64.rpm"
    ],
    "aarch64": [
        "freeimage-3.18.0-11.oe2203sp1.aarch64.rpm",
        "freeimage-debuginfo-3.18.0-11.oe2203sp1.aarch64.rpm",
        "freeimage-debugsource-3.18.0-11.oe2203sp1.aarch64.rpm",
        "freeimage-devel-3.18.0-11.oe2203sp1.aarch64.rpm"
    ]
}

openEuler:24.03-LTS / freeimage

Package

Name: freeimage
Purl: pkg:rpm/openEuler/freeimage&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-13.oe2403

Ecosystem specific

{
    "src": [
        "freeimage-3.18.0-13.oe2403.src.rpm"
    ],
    "x86_64": [
        "freeimage-3.18.0-13.oe2403.x86_64.rpm",
        "freeimage-debuginfo-3.18.0-13.oe2403.x86_64.rpm",
        "freeimage-debugsource-3.18.0-13.oe2403.x86_64.rpm",
        "freeimage-devel-3.18.0-13.oe2403.x86_64.rpm"
    ],
    "aarch64": [
        "freeimage-3.18.0-13.oe2403.aarch64.rpm",
        "freeimage-debuginfo-3.18.0-13.oe2403.aarch64.rpm",
        "freeimage-debugsource-3.18.0-13.oe2403.aarch64.rpm",
        "freeimage-devel-3.18.0-13.oe2403.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / freeimage

Package

Name: freeimage
Purl: pkg:rpm/openEuler/freeimage&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-11.oe2203sp4

Ecosystem specific

{
    "src": [
        "freeimage-3.18.0-11.oe2203sp4.src.rpm"
    ],
    "x86_64": [
        "freeimage-3.18.0-11.oe2203sp4.x86_64.rpm",
        "freeimage-debuginfo-3.18.0-11.oe2203sp4.x86_64.rpm",
        "freeimage-debugsource-3.18.0-11.oe2203sp4.x86_64.rpm",
        "freeimage-devel-3.18.0-11.oe2203sp4.x86_64.rpm"
    ],
    "aarch64": [
        "freeimage-3.18.0-11.oe2203sp4.aarch64.rpm",
        "freeimage-debuginfo-3.18.0-11.oe2203sp4.aarch64.rpm",
        "freeimage-debugsource-3.18.0-11.oe2203sp4.aarch64.rpm",
        "freeimage-devel-3.18.0-11.oe2203sp4.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / freeimage

Package

Name: freeimage
Purl: pkg:rpm/openEuler/freeimage&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-11.oe2203sp3

Ecosystem specific

{
    "src": [
        "freeimage-3.18.0-11.oe2203sp3.src.rpm"
    ],
    "x86_64": [
        "freeimage-3.18.0-11.oe2203sp3.x86_64.rpm",
        "freeimage-debuginfo-3.18.0-11.oe2203sp3.x86_64.rpm",
        "freeimage-debugsource-3.18.0-11.oe2203sp3.x86_64.rpm",
        "freeimage-devel-3.18.0-11.oe2203sp3.x86_64.rpm"
    ],
    "aarch64": [
        "freeimage-3.18.0-11.oe2203sp3.aarch64.rpm",
        "freeimage-debuginfo-3.18.0-11.oe2203sp3.aarch64.rpm",
        "freeimage-debugsource-3.18.0-11.oe2203sp3.aarch64.rpm",
        "freeimage-devel-3.18.0-11.oe2203sp3.aarch64.rpm"
    ]
}