CVE-2019-12211 (https://nvd.nist.gov/vuln/detail/CVE-2019-12211):
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
CVE-2019-12213 (https://nvd.nist.gov/vuln/detail/CVE-2019-12213):
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
@maintainer(s): ping, looks like this has patches
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16338bcf52d57417ef2c66df7d4a0a3c206751ec
commit 16338bcf52d57417ef2c66df7d4a0a3c206751ec
Author: John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-07-11 19:05:59 +0000
Commit: James Le Cuirot <chewi@gentoo.org>
CommitDate: 2020-07-19 11:58:58 +0000
    media-libs/freeimage: Revbump + security patch
    Bug: https://bugs.gentoo.org/701850
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16670
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>
 ...mage-3.18.0-CVE-2019-12211-CVE-2019-12213.patch | 193 +++++++++++++++++++++
 media-libs/freeimage/freeimage-3.18.0-r2.ebuild | 119 +++++++++++++
 2 files changed, 312 insertions(+)
Patched!
(In reply to James Le Cuirot from comment #3)
> Patched!
Thanks, let us know when it's ready to stable!
amd64 stable
x86 stable
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
New GLSA request filed.
This issue was resolved and addressed in GLSA 202107-02 at https://security.gentoo.org/glsa/202107-02 by GLSA coordinator John Helmert III (ajak).
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dae6201ab92598af08e695826fe123bf9e6027f
commit 7dae6201ab92598af08e695826fe123bf9e6027f
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-03 15:38:36 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-03 15:38:41 +0000
    media-libs/freeimage: drop 3.18.0-r1
    Bug: https://bugs.gentoo.org/701850
    Signed-off-by: John Helmert III <ajak@gentoo.org>
 media-libs/freeimage/freeimage-3.18.0-r1.ebuild | 119 ------------------------
 1 file changed, 119 deletions(-)