Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 559006 (CVE-2015-0852) - <media-libs/freeimage-3.15.4-r1: integer overflow
Summary: <media-libs/freeimage-3.15.4-r1: integer overflow
Alias: CVE-2015-0852
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Depends on: CVE-2016-5684
  Show dependency tree
Reported: 2015-08-28 08:33 UTC by Agostino Sarubbo
Modified: 2017-01-29 16:16 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-08-28 08:33:44 UTC
From ${URL} :

Name : FreeImage
Affected Version: <= 3.17.0

Description :
An integer overflow issue in the FreeImage project was reported and fixed recently.
Upstream fix: Revision 1.18


The PluginPCX.cpp file(version 3.17.0) has:

371 unsigned width = header.window[2] - header.window[0] + 1;
372 unsigned height = header.window[3] - header.window[1] + 1;
373 unsigned bitcount = header.bpp * header.planes;

However, it's possible that header.window[2] < header.window[0], and also header.window[3] < header.window[1]. In this two cases, width and height can be overflowed. And this can lead further issue in the rest of the code. Take the following lines for example:

568 for (x = 0; x < width; x++) {
569 bits[x * 3 + FI_RGBA_RED] = pline[x];
570 }

The write operation on buffer bits can help an attacker to corrupt the heap.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 David Seifert gentoo-dev 2017-01-21 20:04:42 UTC
commit 19aae64ac3dfc8945dbf9c4edccd835778f81c1d
Author: David Seifert <>
Date:   Sat Jan 21 21:01:22 2017 +0100

    media-libs/freeimage: Add patches for CVE-2015-0852 and CVE-2016-5684
    Gentoo-bug: 559006, 596350
    * EAPI=6
    * Make patches -p1 compliant
Comment 2 David Seifert gentoo-dev 2017-01-22 15:39:21 UTC
commit fd7524a9b5584c1fa2d8fa0ed209c217bc0dffc7
Author: David Seifert <>
Date:   Sun Jan 22 16:38:32 2017 +0100

    media-libs/freeimage: Remove old
    Gentoo-bug: 559006, 596350
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2017-01-23 08:27:11 UTC
Added to existing GLSA.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2017-01-29 16:16:13 UTC
This issue was resolved and addressed in
 GLSA 201701-68 at
by GLSA coordinator Thomas Deutschmann (whissi).