Bug 918621 (CVE-2020-21426, CVE-2020-21427, CVE-2020-21428, CVE-2020-22524, CVE-2020-24292, CVE-2020-24293, CVE-2020-24294, CVE-2020-24295, CVE-2021-40262, CVE-2021-40263, CVE-2021-40264, CVE-2021-40265, CVE-2021-40266)

Summary:	media-libs/freeimage: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	CONFIRMED ---
Severity:	normal	CC:	games
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2023-11-26 20:20:37 UTC

CVE-2020-21426 (https://sourceforge.net/p/freeimage/bugs/300/):

Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

"fixed in the SVN version"

CVE-2020-21427 (https://sourceforge.net/p/freeimage/bugs/298/):

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

"fixed in the SVN"

CVE-2020-21428 (https://sourceforge.net/p/freeimage/bugs/299/):

Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

"fixed with patch https://sourceforge.net/p/freeimage/patches/143/"

CVE-2020-22524 (https://sourceforge.net/p/freeimage/bugs/319/):

Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.

"This use case is fixed in the SVN
https://sourceforge.net/p/freeimage/svn/HEAD/tree/FreeImage/trunk/
The fix will be available in the next FreeImage release. "

CVE-2021-40262 (https://sourceforge.net/p/freeimage/bugs/338/):

A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.

CVE-2021-40263 (https://sourceforge.net/p/freeimage/bugs/336/):

A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.

CVE-2021-40264 (https://sourceforge.net/p/freeimage/bugs/335/):

NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.

CVE-2021-40265 (https://sourceforge.net/p/freeimage/bugs/337/):

A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.

CVE-2021-40266 (https://sourceforge.net/p/freeimage/bugs/334/):

FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.

CVE-2020-24292 (https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/):

Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.

CVE-2020-24293 (https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/):

Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.

CVE-2020-24294 (https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/):

Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.

CVE-2020-24295 (https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/):

Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.

These last bunch are uncommented on upstream.