CVE-2019-12214

Name of the Vulnerable Software and Affected Versions FreeImage version 3.18.0

Description The issue arises from the mishandling of the OpenJPEG j2k read ppm v3 function in j2k.c, leading to an out-of-bounds access. This occurs because the value of l N ppm comes from the file being read, and the code fails to account for the possibility that l N ppm may exceed the size of p header data.

Recommendations For FreeImage version 3.18.0, consider applying a patch or fix that properly handles the l N ppm value to prevent out-of-bounds access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.