An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability. External References: http://www.talosintelligence.com/reports/TALOS-2016-0189/ Upstream patches: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18 http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19
Created freeimage tracking bugs for this issue: Affects: fedora-all [bug 1381518] Affects: epel-all [bug 1381520]
Created mingw-freeimage tracking bugs for this issue: Affects: fedora-all [bug 1381519]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.