Headline
Ubuntu Security Notice USN-6586-1
Ubuntu Security Notice 6586-1 - It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS.
==========================================================================
Ubuntu Security Notice USN-6586-1
January 16, 2024
freeimage vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)
Summary:
Several security issues were fixed in FreeImage.
Software Description:
- freeimage: Support library for graphics image formats
Details:
It was discovered that FreeImage incorrectly handled certain memory
operations. If a user were tricked into opening a crafted TIFF file, a
remote attacker could use this issue to cause a heap buffer overflow,
resulting in a denial of service attack. This issue only affected Ubuntu
16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12211)
It was discovered that FreeImage incorrectly processed images under
certain circumstances. If a user were tricked into opening a crafted TIFF
file, a remote attacker could possibly use this issue to cause a stack
exhaustion condition, resulting in a denial of service attack. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12213)
It was discovered that FreeImage incorrectly processed certain images.
If a user or automated system were tricked into opening a specially
crafted image file, a remote attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2020-21427,
CVE-2020-21428)
It was discovered that FreeImage incorrectly processed certain images.
If a user or automated system were tricked into opening a specially
crafted PFM file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2020-22524)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 23.10:
libfreeimage3 3.18.0+ds2-9.1ubuntu0.1
libfreeimageplus3 3.18.0+ds2-9.1ubuntu0.1
Ubuntu 23.04:
libfreeimage3 3.18.0+ds2-9ubuntu0.1
libfreeimageplus3 3.18.0+ds2-9ubuntu0.1
Ubuntu 22.04 LTS:
libfreeimage3 3.18.0+ds2-6ubuntu5.1
libfreeimageplus3 3.18.0+ds2-6ubuntu5.1
Ubuntu 20.04 LTS:
libfreeimage3 3.18.0+ds2-1ubuntu3.1
libfreeimageplus3 3.18.0+ds2-1ubuntu3.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libfreeimage3 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1
libfreeimageplus3 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libfreeimage3 3.17.0+ds1-2ubuntu0.1+esm1
libfreeimageplus3 3.17.0+ds1-2ubuntu0.1+esm1
Ubuntu 14.04 LTS (Available with Ubuntu Pro):
libfreeimage3 3.15.4-3ubuntu0.1+esm3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6586-1
CVE-2019-12211, CVE-2019-12213, CVE-2020-21427, CVE-2020-21428,
CVE-2020-22524
Package Information:
https://launchpad.net/ubuntu/+source/freeimage/3.18.0+ds2-9.1ubuntu0.1
https://launchpad.net/ubuntu/+source/freeimage/3.18.0+ds2-9ubuntu0.1
https://launchpad.net/ubuntu/+source/freeimage/3.18.0+ds2-6ubuntu5.1
https://launchpad.net/ubuntu/+source/freeimage/3.18.0+ds2-1ubuntu3.1
Related news
Debian Linux Security Advisory 5579-1 - Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.
Debian Linux Security Advisory 5579-1 - Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.
Debian Linux Security Advisory 5579-1 - Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.
Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.
Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.