PT-2019-5232 · Freeimage+2 · Freeimage+2

Hugo Lefeuvre

·

Publicado

2019-05-20

·

Atualizado

2024-06-15

·

CVE-2019-12211

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions FreeImage version 3.18.0
Description The issue occurs when reading a tiff file, which is handled by the Load function of the PluginTIFF.cpp file. A memcpy operation happens where the destination address and the size of the copied data are not considered, resulting in a heap overflow. This can be exploited by a remote attacker to cause a denial of service.
Recommendations For FreeImage version 3.18.0, consider disabling the Load function of the PluginTIFF.cpp file as a temporary workaround until a patch is available. Restrict access to the PluginTIFF.cpp file to minimize the risk of exploitation. Avoid using the affected function to handle tiff files until the issue is resolved.

Exploit

Correção

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

BDU:2020-01975
CVE-2019-12211
DLA-2031-1
DSA-4593-1
MGASA-2020-0019
OPENSUSE-SU-2024:10766-1
USN-4529-1
USN-6586-1

Produtos afetados

Freeimage
Linuxmint
Ubuntu