CVE-2019-12213 in Ubuntu

CVE-2019-12213

Priority

Description

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory
function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

Ubuntu-Description

It was discovered that FreeImage incorrectly processed images under
certain circumstances. If a user were tricked into opening a crafted TIFF
file, a remote attacker could possibly use this issue to cause a stack
exhaustion condition, resulting in a denial of service attack.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12213
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
https://ubuntu.com/security/notices/USN-4529-1

Notes

Package

Source: freeimage (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	released (3.17.0+ds1-5+deb9u1build0.18.04.1)
Ubuntu 20.04 LTS:	needed
Ubuntu 21.10:	not-affected (3.18.0+ds2-6ubuntu1)
Ubuntu 22.04 LTS:	not-affected (3.18.0+ds2-6ubuntu1)
Ubuntu 14.04 ESM:	needs-triage

Patches:

More Information

Updated: 2022-04-25 00:36:52 UTC (commit ecc1009cb19540b950de59270950018900f37f15)