PT-2019-5232 · Freeimage+2 · Freeimage+2

Hugo Lefeuvre

Published

2019-05-20

Updated

2024-06-15

CVE-2019-12211

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FreeImage version 3.18.0

Description The issue occurs when reading a tiff file, which is handled by the Load function of the PluginTIFF.cpp file. A memcpy operation happens where the destination address and the size of the copied data are not considered, resulting in a heap overflow. This can be exploited by a remote attacker to cause a denial of service.

Recommendations For FreeImage version 3.18.0, consider disabling the Load function of the PluginTIFF.cpp file as a temporary workaround until a patch is available. Restrict access to the PluginTIFF.cpp file to minimize the risk of exploitation. Avoid using the affected function to handle tiff files until the issue is resolved.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

BDU:2020-01975

CVE-2019-12211

DLA-2031-1

DSA-4593-1

MGASA-2020-0019

OPENSUSE-SU-2024:10766-1

USN-4529-1

USN-6586-1

Affected Products

Freeimage

Linuxmint

Ubuntu

PT-2019-5232 · Freeimage+2 · Freeimage+2

CVE-2019-12211

Weakness Enumeration

Related Identifiers

Affected Products

References · 39