Bug 596350 (CVE-2016-5684) - <media-libs/freeimage-3.15.4-r1: XMP Image Handling Code Execution Vulnerability
Status: RESOLVED FIXED
Alias: CVE-2016-5684
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks: CVE-2015-0852
Reported: 2016-10-06 15:42 UTC by Agostino Sarubbo
Modified: 2017-01-29 16:16 UTC

See Also:
Package list:
=media-libs/freeimage-3.15.4-r1
Runtime testing required: ---
stable-bot: sanity-check+

Description Agostino Sarubbo gentoo-dev 2016-10-06 15:42:28 UTC
From ${URL} :

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library.

A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.

External References:

http://www.talosintelligence.com/reports/TALOS-2016-0189/

Upstream patches:

http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 David Seifert gentoo-dev 2017-01-21 20:04:33 UTC
commit 19aae64ac3dfc8945dbf9c4edccd835778f81c1d
Author: David Seifert <soap@gentoo.org>
Date:   Sat Jan 21 21:01:22 2017 +0100

    media-libs/freeimage: Add patches for CVE-2015-0852 and CVE-2016-5684
    
    Gentoo-bug: 559006, 596350
    * EAPI=6
    * Make patches -p1 compliant
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-21 22:06:21 UTC
@ Arches,

please test and mark stable: =media-libs/freeimage-3.15.4-r1
Comment 3 Agostino Sarubbo gentoo-dev 2017-01-22 14:54:16 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-01-22 15:02:16 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 5 David Seifert gentoo-dev 2017-01-22 15:39:18 UTC
commit fd7524a9b5584c1fa2d8fa0ed209c217bc0dffc7
Author: David Seifert <soap@gentoo.org>
Date:   Sun Jan 22 16:38:32 2017 +0100

    media-libs/freeimage: Remove old
    
    Gentoo-bug: 559006, 596350
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2017-01-23 08:25:09 UTC
GLSA request filed.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2017-01-29 16:16:21 UTC
This issue was resolved and addressed in
 GLSA 201701-68 at https://security.gentoo.org/glsa/201701-68
by GLSA coordinator Thomas Deutschmann (whissi).