Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-33367: FreeImage / Discussion / Open Discussion: FreeImage 3.18.0 1byte OOB Read

Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

CVE
Open in Source
#vulnerability#linux#dos#buffer_overflow

  • Home

  • Browse

  • FreeImage

  • Discussion

  • Summary

  • Files

  • Reviews

  • Support

  • Mailing Lists

  • Code

  • Tickets ▾

    • Feature Requests
    • Patches
    • Bugs
    • Support Requests

  • News

  • Discussion

  • FreeImage

  • FreeImage

Menu ▾ ▴

FreeImage 3.18.0 1byte OOB Read

Created: 3 days ago

Updated: 3 days ago

  • ==3820756==ERROR:AddressSanitizer:heap-buffer-overflowonaddress0x612000001995 atpc0x5627bb77696fbp0x7ffc771a50d0sp0x7ffc771a50c0READofsize1at0x612000001995threadT0 #0 0x5627bb77696e in ReadInt32 Source/Metadata/Exif.cpp:120 #1 0x5627bb785e15 in ReadUint32 Source/Metadata/Exif.cpp:138 #2 0x5627bb785e15 in jpeg_read_exif_dir Source/Metadata/Exif.cpp:723 #3 0x5627bb78a6c8 in jpegxr_read_exif_gps_profile Source/Metadata/Exif.cpp:955 #4 0x5627bb6089d5 in ReadMetadata Source/FreeImage/PluginJXR.cpp:607 #5 0x5627bb6089d5 in Load Source/FreeImage/PluginJXR.cpp:1186 #6 0x5627bb560a76 in FreeImage_LoadFromHandle Source/FreeImage/Plugin.cpp:388 #7 0x5627bb560dd5 in FreeImage_Load Source/FreeImage/Plugin.cpp:408 #8 0x5627bb501abb in testClone(char const) /home/akuma/FreeImage/TestAPI/testImageType.cpp:34 #9 0x5627bb502100 in testAllocateCloneUnload(char const) /home/akuma/FreeImage/TestAPI/testImageType.cpp:56 #10 0x5627bb4eeaa2 in main /home/akuma/FreeImage/TestAPI/MainTestSuite.cpp:69 #11 0x7f696c2480b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2) #12 0x5627bb4fc16d in _start (/home/akuma/FreeImage/TestAPI/testAPI+0x1b716d) Address 0x612000001995 is a wild pointer. SUMMARY:AddressSanitizer:heap-buffer-overflow Source/Metadata/Exif.cpp:120inReadInt32Shadowbytes aroundthebuggyaddress: 0x0c247fff82e0:fafafafafafafafafafafafafafafafa 0x0c247fff82f0:fafafafafafafafafafafafafafafafa 0x0c247fff8300:fafafafafafafafafafafafafafafafa 0x0c247fff8310:fafafafafafafafafafafafafafafafa 0x0c247fff8320:fafafafafafafafafafafafafafafafa =>0x0c247fff8330:fafa[fa]fafafafafafafafafafafafafa 0x0c247fff8340:fafafafafafafafafafafafafafafafa 0x0c247fff8350:fafafafafafafafafafafafafafafafa 0x0c247fff8360:fafafafafafafafafafafafafafafafa

    [CVE-ID]
    CVE-2021-33367
    [Product]
    FreeImage 3.18.0
    [Version]
    FreeImage 3.18.0
    [Discoverer]
    3kyo0
    [Vulnerability Type]
    Buffer Overflow
    [Description]
    Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

Log in to post a comment.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE