what you don't know can hurt you

Debian Security Advisory 4593-1

Debian Security Advisory 4593-1
Posted Dec 27, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4593-1 - It was found that freeimage, a graphics library, was affected by the heap buffer overflow and stack exhaustion vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, debian
advisories | CVE-2019-12211, CVE-2019-12213
MD5 | c561ac8a7d8bf295f6f862bb4667eb46

Debian Security Advisory 4593-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4593-1 security@debian.org
https://www.debian.org/security/ Hugo Lefeuvre
December 27, 2019 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : freeimage
CVE ID : CVE-2019-12211 CVE-2019-12213
Debian Bug : 929597

It was found that freeimage, a graphics library, was affected by the
following two security issues:

CVE-2019-12211

Heap buffer overflow caused by invalid memcpy in PluginTIFF. This
flaw might be leveraged by remote attackers to trigger denial of
service or any other unspecified impact via crafted TIFF data.

CVE-2019-12213

Stack exhaustion caused by unwanted recursion in PluginTIFF. This
flaw might be leveraged by remote attackers to trigger denial of
service via crafted TIFF data.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.17.0+ds1-5+deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 3.18.0+ds2-1+deb10u1.

We recommend that you upgrade your freeimage packages.

For the detailed security status of freeimage please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/freeimage

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl4GgCUACgkQEMKTtsN8
TjYEAhAAlG23fvEZtYYEB7RDesOVnBYEtjAmSCDaomqEOJFcvUtMHkkHZ4x4vcg9
w3X2FyRynTfZ75r0fp0cMs1ocrfa7SVaVmVBVi3fd/4nEzJtrjGcHAYwMrw7F2DH
GZ7+PBQSuNYd4k87RQl2xKvlRNIH4ifbZnIdpVsiuOEPFt8vlLYgh/31lIzrdT/v
YwPV7rdY7/3yNIUV7XOdhGKZ/esipZRPQLes3nduq5A9wo8kGwbQPnVMzLBLAwIH
T1bMStWau0Wbb7sXSr19LbkxBBVyDP9sZ/1rQfNLxHQFtg/zJfj0kfC1N4//1IrC
HVXU4BF0KMiyCi+Zk08c0S1d3Wt+f++wzKegOwgqII5qVurAaBqHcveu2tahVbuo
oQr+ObI3AlREWuhI6WE1u8KwTi5EKvUTkqJtoegX90GAilNMDs34JgjuyC7EB9vn
sows7yzH/UnLti+1TBHaux45cu5UU5p4QKVunvizs2YR34xITWPJ2Zv+b8/LCm3/
ZuXdwdyn2HU/C8wTFnPlk3d9I6nGcPaVmGwH9/zhRU8DV5ERf2Nqqfyk4LPW4hkj
TcegCC/Ti45/yceQ5ELn4Yo9B+clQIQscxrUtA5DaZwSlvXMaVfoDFK6vZnbaDY7
fsRA17VCzc1+L7iHhs0WUks145MW97FsEAU4uCoKdH+jlcBhSoc=
=PzJY
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    15 Files
  • 4
    Apr 4th
    5 Files
  • 5
    Apr 5th
    5 Files
  • 6
    Apr 6th
    27 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close