1994924 – Heap-based buffer overflow in freeimage(r1828) in J2K plugin

Bug 1994924 - Heap-based buffer overflow in freeimage(r1828) in J2K plugin

Summary: Heap-based buffer overflow in freeimage(r1828) in J2K plugin

Keywords:
Status:	NEW
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	freeimage
Sub Component:
Version:	epel8
Hardware:	x86_64
OS:	All
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Assignee:	Richard Shaw
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-08-18 08:00 UTC by 54jin.huang
Modified:	2021-08-19 08:34 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	---
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description 54jin.huang 2021-08-18 08:00:55 UTC

# Description of problem:

There is a heap-based buffer overflow in freeimage(r1828) J2K plugin while loading image with FreeImage_Load function。
This was fixed in freeimage SVN from svn1878. But Fedora EPEL freeimage is based on freeimage 3.17, which is still affected.

# Details

Please see the freeimage project bug list.
https://sourceforge.net/p/freeimage/bugs/310/

# Version-Release number of selected component (if applicable):

Freeimage Library 3.19.0 (r1828)


# Patch:
https://sourceforge.net/p/freeimage/patches/143/


Credit:
ADLab of Venustech

Note You need to log in before you can comment on or make changes to this bug.