[Bug 1002621] New: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

bugzilla_noreply＠novell.com

3 Oct 2016 3 Oct '16

17:25

http://bugzilla.opensuse.org/show_bug.cgi?id=1002621 Bug ID: 1002621 Summary: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- [1] News: http://blog.talosintel.com/2016/10/freeimage.html [2] Technical Overview: http://www.talosintelligence.com/reports/TALOS-2016-0189/ Due to [2], tested versions: FreeImage 3.17.0, which is actual for Tumbleweed (see https://software.opensuse.org/package/freeimage) and Graphic repo for 42.1 and 42.2. and also 13.1, 13.2. Also can be useful for 3.15.4 version... -- You are receiving this mail because: You are on the CC list for the bug.

Attachments:

attachment.htm (text/html — 2.7 KB)

Show replies by date

bugzilla_noreply＠novell.com

3 Oct 3 Oct

17:25

New subject: [Bug 1002621] CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

http://bugzilla.opensuse.org/show_bug.cgi?id=1002621 Mikhail Kasimov changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2016-5684 -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla_noreply＠novell.com

7 Oct 7 Oct

10:19

New subject: [Bug 1002621] VUL-0: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

http://bugzilla.opensuse.org/show_bug.cgi?id=1002621 http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c3 Denisart Benjamin changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mikhail.kasimov@gmail.com Flags| |needinfo?(mikhail.kasimov@g | |mail.com) --- Comment #3 from Denisart Benjamin --- Ok but can you attach a patch or at least a link to a commit ? -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:29

New subject: [Bug 1002621] VUL-0: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

http://bugzilla.opensuse.org/show_bug.cgi?id=1002621 http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c4 --- Comment #4 from Mikhail Kasimov --- (In reply to Denisart Benjamin from comment #3)

...

Ok but can you attach a patch or at least a link to a commit ?

've written an email to FreeImage developer (http://freeimage.sourceforge.net/contact.html). Waiting for his answer. -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla_noreply＠novell.com

10:36

New subject: [Bug 1002621] VUL-0: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

http://bugzilla.opensuse.org/show_bug.cgi?id=1002621 http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c5 --- Comment #5 from Mikhail Kasimov --- (In reply to Mikhail Kasimov from comment #4)

...

(In reply to Denisart Benjamin from comment #3)

...
Ok but can you attach a patch or at least a link to a commit ?

've written an email to FreeImage developer (http://freeimage.sourceforge.net/contact.html). Waiting for his answer.

UPD: https://security-tracker.debian.org/tracker/CVE-2016-5684 See "Note" section: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18 http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19 -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla_noreply＠novell.com

24 Jan 24 Jan

14:31

New subject: [Bug 1002621] VUL-0: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

http://bugzilla.opensuse.org/show_bug.cgi?id=1002621 http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c6 Karol Babioch changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS CC| |kbabioch@suse.com Flags|needinfo?(mikhail.kasimov@g | |mail.com) | --- Comment #6 from Karol Babioch --- Fixed in Factory and Leap. Requests submitted: https://build.opensuse.org/request/show/569250 https://build.opensuse.org/request/show/569257 -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla_noreply＠novell.com

31 Jan 31 Jan

20:24

New subject: [Bug 1002621] VUL-0: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

http://bugzilla.opensuse.org/show_bug.cgi?id=1002621 http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c7 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- URL| |https://smash.suse.de/issue | |/173111/ CC| |astieger@suse.com --- Comment #7 from Andreas Stieger --- done -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla_noreply＠novell.com

13 Apr 13 Apr

15:56

New subject: [Bug 1002621] VUL-0: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

http://bugzilla.opensuse.org/show_bug.cgi?id=1002621 http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c9 Alexander Bergmann changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED CC| |abergmann@suse.com Resolution|--- |FIXED --- Comment #9 from Alexander Bergmann --- Fixed and released. -- You are receiving this mail because: You are on the CC list for the bug.

2206

Age (days ago)

2763

Last active (days ago)

List overview

Download

7 comments

1 participants

participants (1)

bugzilla_noreply＠novell.com

[Bug 1002621] New: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability

tags

participants (1)