[Bug 1002621] New: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability
http://bugzilla.opensuse.org/show_bug.cgi?id=1002621

Bug ID: 1002621
Summary: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

[1] News: http://blog.talosintel.com/2016/10/freeimage.html
[2] Technical Overview: http://www.talosintelligence.com/reports/TALOS-2016-0189/

Due to [2], tested versions: FreeImage 3.17.0, which is actual for Tumbleweed (see https://software.opensuse.org/package/freeimage) and Graphic repo for 42.1 and 42.2, and also 13.1, 13.2. Also can be useful for 3.15.4 version...

--
You are receiving this mail because:
You are on the CC list for the bug.
Mikhail Kasimov
http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c3
Denisart Benjamin
http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c4
--- Comment #4 from Mikhail Kasimov
> Ok but can you attach a patch or at least a link to a commit?

I've written an email to FreeImage developer (http://freeimage.sourceforge.net/contact.html). Waiting for his answer.
http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c5
--- Comment #5 from Mikhail Kasimov
(In reply to Denisart Benjamin from comment #3)
> Ok but can you attach a patch or at least a link to a commit?

I've written an email to FreeImage developer (http://freeimage.sourceforge.net/contact.html). Waiting for his answer.

UPD: https://security-tracker.debian.org/tracker/CVE-2016-5684
See "Note" section:
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19
http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c6
Karol Babioch
http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c7
Andreas Stieger
http://bugzilla.opensuse.org/show_bug.cgi?id=1002621#c9
Alexander Bergmann