Information on source package freeimage

Available versions

Release	Version
jessie	3.15.4-4.2+deb8u2
stretch	3.17.0+ds1-5+deb9u2
stretch (security)	3.17.0+ds1-5+deb9u1
buster	3.18.0+ds2-1+deb10u2
bullseye	3.18.0+ds2-6+deb11u1
bookworm	3.18.0+ds2-9+deb12u1
trixie	3.18.0+ds2-10
sid	3.18.0+ds2-10

Open issues

Bug	jessie	stretch	buster	bullseye	bookworm	trixie	sid	Description
CVE-2024-31570	vulnerable	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable	vulnerable	libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffe ...
CVE-2024-28584	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...
CVE-2024-28583	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28582	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28581	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28580	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28579	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28578	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28577	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Null Pointer Dereference vulnerability in open source FreeImage v.3.19 ...
CVE-2024-28576	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28575	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28574	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28573	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28572	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28571	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28570	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28569	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28568	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28567	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28566	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28565	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28564	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28563	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-28562	vulnerable	vulnerable	vulnerable	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909 ...
CVE-2024-9029	vulnerable	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable	vulnerable	A flaw was found in the freeimage library. Processing a crafted image ...
CVE-2023-47997	vulnerable	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in F ...
CVE-2023-47996	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in F ...
CVE-2023-47995	vulnerable	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	Memory Allocation with Excessive Size Value discovered in BitmapAccess ...
CVE-2023-47994	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	An integer overflow vulnerability in LoadPixelDataRLE4 function in Plu ...
CVE-2023-47993	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in Fre ...
CVE-2023-47992	vulnerable	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc ...
CVE-2021-40266	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vul ...
CVE-2021-40265	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function ...
CVE-2021-40264	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	NULL pointer dereference vulnerability in FreeImage before 1.18.0 via ...
CVE-2021-40263	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad funct ...
CVE-2021-40262	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	A stack exhaustion issue was discovered in FreeImage before 1.18.0 via ...
CVE-2021-33367	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA)	vulnerable (no DSA)	vulnerable	vulnerable	Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to ...
CVE-2020-24295	vulnerable	vulnerable (no DSA, postponed)	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in Fre ...
CVE-2020-24294	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDP ...
CVE-2020-24293	vulnerable	vulnerable (no DSA, postponed)	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp i ...
CVE-2020-24292	vulnerable	vulnerable (no DSA, postponed)	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	Buffer Overflow vulnerability in load function in PluginICO.cpp in Fre ...
CVE-2020-22524	vulnerable	fixed	fixed	fixed	fixed	fixed	fixed	Buffer Overflow vulnerability in FreeImage_Load function in FreeImage ...
CVE-2020-21428	vulnerable	fixed	fixed	fixed	fixed	fixed	fixed	Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in ...
CVE-2020-21427	vulnerable	fixed	fixed	fixed	fixed	fixed	fixed	Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginB ...
CVE-2020-21426	vulnerable	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	Buffer Overflow vulnerability in function C_IStream::read in PluginEXR ...
CVE-2019-12214	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	In FreeImage 3.18.0, an out-of-bounds access occurs because of mishand ...
CVE-2019-12212	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable (no DSA, postponed)	vulnerable	vulnerable	When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize ...

Resolved issues

Bug	Description
CVE-2019-12213	When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory ...
CVE-2019-12211	When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load ...
CVE-2016-5684	An exploitable out-of-bounds write vulnerability exists in the XMP ima ...
CVE-2015-3885	Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier ...
CVE-2015-0852	Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and e ...

Security announcements

DSA / DLA	Description
DSA-5579-1	freeimage - security update
ELA-1011-1	freeimage - security update
DLA-3662-1	freeimage - security update
DSA-4593-1	freeimage - security update
DLA-2031-1	freeimage - security update
DSA-3692-1	freeimage - security update
DLA-647-1	freeimage - security update
DSA-3392-1	freeimage - security update
DLA-327-1	freeimage - security update