CVE-2019-12211

Name
CVE-2019-12211
Description
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUWVVP67FYM4GMWD7TPQ7C7JPPRUZHYE/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VZ7KBYPPNRMX7RRWVJSX4T63E3TFB6TG/
MLIST https://lists.debian.org/debian-lts-announce/2019/12/msg00012.html
DEBIAN https://www.debian.org/security/2019/dsa-4593
BUGTRAQ https://seclists.org/bugtraq/2019/Dec/45
UBUNTU https://usn.ubuntu.com/4529-1/
GENTOO https://security.gentoo.org/glsa/202107-02

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freeimage_project:freeimage:3.18.0:*:*:*:*:*:*:* freeimage == None == 3.18.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
freeimage 3.13-community 3.18.0-r2 Taner Tas <taner76@gmail.com> fixed
freeimage 3.14-community 3.18.0-r2 Taner Tas <taner76@gmail.com> fixed
freeimage 3.15-community 3.18.0-r2 Taner Tas <taner76@gmail.com> fixed
freeimage 3.16-community 3.18.0-r2 Taner Tas <taner76@gmail.com> fixed
freeimage 3.17-community 3.18.0-r3 Taner Tas <taner76@gmail.com> fixed
freeimage edge-community 3.18.0-r4 Taner Tas <taner76@gmail.com> fixed
freeimage 3.18-community 3.18.0-r4 Taner Tas <taner76@gmail.com> fixed