CVE-2019-12211

Priority
Description
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load
function of the PluginTIFF.cpp file, but a memcpy occurs in which the
destination address and the size of the copied data are not considered,
resulting in a heap overflow.
Ubuntu-Description
It was discovered that FreeImage incorrectly handled certain memory
operations. If a user were tricked into opening a crafted TIFF file, a
remote attacker could use this issue to cause a heap buffer overflow,
resulting in a denial of service attack.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needs-triage
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):released (3.17.0+ds1-5+deb9u1build0.18.04.1)
Ubuntu 20.04 LTS (Focal Fossa):needed
Ubuntu 20.10 (Groovy Gorilla):not-affected (3.18.0+ds2-6ubuntu1)
More Information

Updated: 2020-10-06 20:14:28 UTC (commit 7efb916343184e96da89bec731a5a8bf3e56e17f)