Bug 596350 (CVE-2016-5684)

Summary: <media-libs/freeimage-3.15.4-r1: XMP Image Handling Code Execution Vulnerability
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: games, slawomir.nizio
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1381517
Whiteboard: B2 [glsa cve]
Package list: =media-libs/freeimage-3.15.4-r1
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 559006

Description Agostino Sarubbo gentoo-dev 2016-10-06 15:42:28 UTC
From ${URL} :

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library.

A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.

External References:

http://www.talosintelligence.com/reports/TALOS-2016-0189/

Upstream patches:

http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 David Seifert gentoo-dev 2017-01-21 20:04:33 UTC
commit 19aae64ac3dfc8945dbf9c4edccd835778f81c1d
Author: David Seifert <soap@gentoo.org>
Date:   Sat Jan 21 21:01:22 2017 +0100

    media-libs/freeimage: Add patches for CVE-2015-0852 and CVE-2016-5684
    
    Gentoo-bug: 559006, 596350
    * EAPI=6
    * Make patches -p1 compliant
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-21 22:06:21 UTC
@ Arches,

please test and mark stable: =media-libs/freeimage-3.15.4-r1
Comment 3 Agostino Sarubbo gentoo-dev 2017-01-22 14:54:16 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-01-22 15:02:16 UTC
x86 stable.

Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
Comment 5 David Seifert gentoo-dev 2017-01-22 15:39:18 UTC
commit fd7524a9b5584c1fa2d8fa0ed209c217bc0dffc7
Author: David Seifert <soap@gentoo.org>
Date:   Sun Jan 22 16:38:32 2017 +0100

    media-libs/freeimage: Remove old
    
    Gentoo-bug: 559006, 596350
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2017-01-23 08:25:09 UTC
GLSA request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2017-01-29 16:16:21 UTC
This issue was resolved and addressed in GLSA 201701-68 at https://security.gentoo.org/glsa/201701-68 by GLSA coordinator Thomas Deutschmann (whissi).