
[SECURITY] [DLA DLA-647-1] freeimage security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : freeimage
Version        : 3.15.1-1.1+deb7u1
CVE ID         : CVE-2016-5684
Debian Bug     : #839827

It was discovered that there was an out-of-bounds write vulnerability in the
XMP image handling functionality in freeimage, a support library for various
graphics image formats. A specially crafted XMP file can cause an arbitrary
memory overwrite resulting in code execution.

For Debian 7 "Wheezy", this issue has been fixed in freeimage version
3.15.1-1.1+deb7u1.

We recommend that you upgrade your freeimage packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

