A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
Created freeimage tracking bugs for this issue:
Affects: epel-all [bug 2235439]
Affects: fedora-all [bug 2235440]
Created mingw-freeimage tracking bugs for this issue:
Affects: fedora-all [bug 2235438]
I'm assuming this should read FreeImage before *3.18.0*? And where is it stated that only < 3.18.0 is affected? I can't find or deduce this information from the upstream report.
Hi, the CVE description probably meant 3.18.0; this is the way it is on the Mitre CVE page, though.
I don't have affected information and the report is not very clear. However, given the upstream issue is still open and the vulnerable code is present in 'trunk', I would say all versions before and including 3.18.0 are affected.