Bug 701850 (CVE-2019-12211, CVE-2019-12213) - <media-libs/freeimage-3.18.0-r2: multiple vulnerabilities (CVE-2019-{12211,12213})
Summary: <media-libs/freeimage-3.18.0-r2: multiple vulnerabilities (CVE-2019-{12211,12...
Status: RESOLVED FIXED
Alias: CVE-2019-12211, CVE-2019-12213
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on: 734724
Blocks:
Reported: 2019-12-03 00:48 UTC by GLSAMaker/CVETool Bot
Modified: 2021-07-03 15:39 UTC

Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-03 00:48:08 UTC
CVE-2019-12211 (https://nvd.nist.gov/vuln/detail/CVE-2019-12211):
  When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load
  function of the PluginTIFF.cpp file, but a memcpy occurs in which the
  destination address and the size of the copied data are not considered,
  resulting in a heap overflow.

CVE-2019-12213 (https://nvd.nist.gov/vuln/detail/CVE-2019-12213):
  When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory
  function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-16 00:51:21 UTC
@maintainer(s): ping, looks like this has patches
Comment 2 Larry the Git Cow gentoo-dev 2020-07-19 12:02:30 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=16338bcf52d57417ef2c66df7d4a0a3c206751ec

commit 16338bcf52d57417ef2c66df7d4a0a3c206751ec
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-07-11 19:05:59 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2020-07-19 11:58:58 +0000

    media-libs/freeimage: Revbump + security patch
    
    Bug: https://bugs.gentoo.org/701850
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/16670
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 ...mage-3.18.0-CVE-2019-12211-CVE-2019-12213.patch | 193 +++++++++++++++++++++
 media-libs/freeimage/freeimage-3.18.0-r2.ebuild    | 119 +++++++++++++
 2 files changed, 312 insertions(+)
Comment 3 James Le Cuirot gentoo-dev 2020-07-19 12:03:17 UTC
Patched!
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-19 12:09:39 UTC
(In reply to James Le Cuirot from comment #3)
> Patched!

Thanks, let us know when it's ready to stable!
Comment 5 Agostino Sarubbo gentoo-dev 2021-01-21 07:40:53 UTC
amd64 stable
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2021-02-19 01:14:06 UTC
x86 stable
Comment 7 NATTkA bot gentoo-dev 2021-02-22 19:01:02 UTC
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-26 21:34:31 UTC
New GLSA request filed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2021-07-03 03:07:41 UTC
This issue was resolved and addressed in GLSA 202107-02 at https://security.gentoo.org/glsa/202107-02 by GLSA coordinator John Helmert III (ajak).
Comment 10 Larry the Git Cow gentoo-dev 2021-07-03 15:39:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7dae6201ab92598af08e695826fe123bf9e6027f

commit 7dae6201ab92598af08e695826fe123bf9e6027f
Author:     John Helmert III <ajak@gentoo.org>
AuthorDate: 2021-07-03 15:38:36 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2021-07-03 15:38:41 +0000

    media-libs/freeimage: drop 3.18.0-r1
    
    Bug: https://bugs.gentoo.org/701850
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 media-libs/freeimage/freeimage-3.18.0-r1.ebuild | 119 ------------------------
 1 file changed, 119 deletions(-)