{"schema_version":"1.7.2","id":"OESA-2024-2305","modified":"2024-11-01T11:09:28Z","published":"2024-11-01T11:09:28Z","upstream":["CVE-2020-24292","CVE-2020-24293","CVE-2020-24295","CVE-2021-33367","CVE-2021-40263","CVE-2021-40266","CVE-2023-47995","CVE-2023-47997"],"summary":"freeimage security update","details":"FreeImage is a library project for developers who would like to support popular graphics image formats (PNG, JPEG, TIFF, BMP and others). Some highlights are: extremely simple in use, not limited to the local PC (unique FreeImageIO) and Plugin driven!\r\n\r\nSecurity Fix(es):\r\n\r\nBuffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.(CVE-2020-24292)\r\n\r\nBuffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.(CVE-2020-24293)\r\n\r\nBuffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via use of crafted psd file.(CVE-2020-24295)\r\n\r\nBuffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.(CVE-2021-33367)\r\n\r\nA heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.(CVE-2021-40263)\r\n\r\nFreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerable to null pointer dereference.(CVE-2021-40266)\r\n\r\nMemory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.(CVE-2023-47995)\r\n\r\nAn issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of 
service.(CVE-2023-47997)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP4","name":"freeimage","purl":"pkg:rpm/openEuler/freeimage\u0026distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.0-7.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["freeimage-3.18.0-7.oe2003sp4.aarch64.rpm","freeimage-devel-3.18.0-7.oe2003sp4.aarch64.rpm"],"src":["freeimage-3.18.0-7.oe2003sp4.src.rpm"],"x86_64":["freeimage-3.18.0-7.oe2003sp4.x86_64.rpm","freeimage-devel-3.18.0-7.oe2003sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"freeimage","purl":"pkg:rpm/openEuler/freeimage\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.0-11.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["freeimage-3.18.0-11.oe2203sp1.aarch64.rpm","freeimage-debuginfo-3.18.0-11.oe2203sp1.aarch64.rpm","freeimage-debugsource-3.18.0-11.oe2203sp1.aarch64.rpm","freeimage-devel-3.18.0-11.oe2203sp1.aarch64.rpm"],"src":["freeimage-3.18.0-11.oe2203sp1.src.rpm"],"x86_64":["freeimage-3.18.0-11.oe2203sp1.x86_64.rpm","freeimage-debuginfo-3.18.0-11.oe2203sp1.x86_64.rpm","freeimage-debugsource-3.18.0-11.oe2203sp1.x86_64.rpm","freeimage-devel-3.18.0-11.oe2203sp1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:24.03-LTS","name":"freeimage","purl":"pkg:rpm/openEuler/freeimage\u0026distro=openEuler-24.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.0-13.oe2403"}]}],"ecosystem_specific":{"aarch64":["freeimage-3.18.0-13.oe2403.aarch64.rpm","freeimage-debuginfo-3.18.0-13.oe2403.aarch64.rpm","freeimage-debugsource-3.18.0-13.oe2403.aarch64.rpm","freeimage-devel-3.18.0-13.oe2403.aarch64.rpm"],"src":["freeimage-3.18.0-13.oe2403.src.rpm"],"x86_64":["freeimage-3.18.0-13.oe2403.x86_64.rpm","freeimage-debuginfo-3.18.0-13.oe2403.x86_64.rpm","freeimage-debugsource-3.18.0-13.oe2403.x86_64.rpm","freeimage-devel-3.18.0-13.oe2403.x86_64.rpm"]}},{"package":{"eco
system":"openEuler:22.03-LTS-SP4","name":"freeimage","purl":"pkg:rpm/openEuler/freeimage\u0026distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.0-11.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["freeimage-3.18.0-11.oe2203sp4.aarch64.rpm","freeimage-debuginfo-3.18.0-11.oe2203sp4.aarch64.rpm","freeimage-debugsource-3.18.0-11.oe2203sp4.aarch64.rpm","freeimage-devel-3.18.0-11.oe2203sp4.aarch64.rpm"],"src":["freeimage-3.18.0-11.oe2203sp4.src.rpm"],"x86_64":["freeimage-3.18.0-11.oe2203sp4.x86_64.rpm","freeimage-debuginfo-3.18.0-11.oe2203sp4.x86_64.rpm","freeimage-debugsource-3.18.0-11.oe2203sp4.x86_64.rpm","freeimage-devel-3.18.0-11.oe2203sp4.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:22.03-LTS-SP3","name":"freeimage","purl":"pkg:rpm/openEuler/freeimage\u0026distro=openEuler-22.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18.0-11.oe2203sp3"}]}],"ecosystem_specific":{"aarch64":["freeimage-3.18.0-11.oe2203sp3.aarch64.rpm","freeimage-debuginfo-3.18.0-11.oe2203sp3.aarch64.rpm","freeimage-debugsource-3.18.0-11.oe2203sp3.aarch64.rpm","freeimage-devel-3.18.0-11.oe2203sp3.aarch64.rpm"],"src":["freeimage-3.18.0-11.oe2203sp3.src.rpm"],"x86_64":["freeimage-3.18.0-11.oe2203sp3.x86_64.rpm","freeimage-debuginfo-3.18.0-11.oe2203sp3.x86_64.rpm","freeimage-debugsource-3.18.0-11.oe2203sp3.x86_64.rpm","freeimage-devel-3.18.0-11.oe2203sp3.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24292"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24293"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-24295"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-33367"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40263"},{"type":"ADVISORY","url":"http
s://nvd.nist.gov/vuln/detail/CVE-2021-40266"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47995"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47997"}],"database_specific":{"severity":"High"}}