It was discovered that an out-of-bounds write vulnerability existed in the XMP image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.15.4-3ubuntu0.1", "binary_name": "libfreeimage-dev" }, { "binary_version": "3.15.4-3ubuntu0.1", "binary_name": "libfreeimage-dev-dbgsym" }, { "binary_version": "3.15.4-3ubuntu0.1", "binary_name": "libfreeimage3" }, { "binary_version": "3.15.4-3ubuntu0.1", "binary_name": "libfreeimage3-dbg" }, { "binary_version": "3.15.4-3ubuntu0.1", "binary_name": "libfreeimage3-dbgsym" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimage-dev" }, { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimage3" }, { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimage3-dbg" }, { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimage3-dbgsym" }, { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimageplus-dev" }, { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimageplus-doc" }, { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimageplus3" }, { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimageplus3-dbg" }, { "binary_version": "3.17.0+ds1-2ubuntu0.1", "binary_name": "libfreeimageplus3-dbgsym" } ] }