Bug#797165: CVE-2015-0852: integer overflow in PluginPCX.cpp
Source: freeimage
Version: 3.10.0-4
Severity: serious
Tags: security upstream fixed-upstream
Hi,
the following vulnerability was published for freeimage.
CVE-2015-0852[0]:
Integer overflow in PluginPCX.cpp
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-0852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0852
https://marc.info/?l=oss-security&m=144073280200732&w=2
Please adjust the affected versions in the BTS as needed.
BTW upstream patches are available but they are not minimal patches:
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.17&r2=1.18&pathrev=MAIN
http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.18&r2=1.19&pathrev=MAIN
Hopefully one of the people who will discover this RC bug (because
their package depends on freeimage or whatever) can be convinced to take
over this package... it has been orphaned for way too long.
Note that the package has another pending security issue (#786790).
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/