CVE-2019-12211Out-of-bounds Write in Project Freeimage

CWE-787Out-of-bounds Write13 documents7 sources
Severity
7.5HIGHNVD
EPSS
1.0%
top 22.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Freeimage Project FreeimageCanonical Ubuntu Linux
Timeline
PublishedMay 20
Latest updateJan 16

Description

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianfreeimage_project/freeimage< 3.18.0+ds2-3+3
Ubuntufreeimage_project/freeimage< 3.17.0+ds1-5+deb9u1build0.18.04.1+5

Also affects: Ubuntu Linux 18.04

🔴Vulnerability Details

5
OSV
freeimage vulnerabilities2024-01-16
GHSA
GHSA-v535-35pv-hpf9: When FreeImage 32022-05-24
OSV
freeimage vulnerabilities2020-09-22
OSV
CVE-2019-12211: When FreeImage 32019-05-20
CVEList
CVE-2019-12211: When FreeImage 32019-05-20

📋Vendor Advisories

3
Ubuntu
FreeImage vulnerabilities2024-01-16
Ubuntu
FreeImage vulnerabilities2020-09-22
Debian
CVE-2019-12211: freeimage - When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function ...2019

💬Community

4
Bugzilla
CVE-2019-12211 freeimage: heap-based buffer overflow in PluginTIFF.cpp [epel-all]2019-07-23
Bugzilla
CVE-2019-12211 freeimage: heap-based buffer overflow in PluginTIFF.cpp2019-07-23
Bugzilla
CVE-2019-12211 freeimage: heap-based buffer overflow in PluginTIFF.cpp [fedora-all]2019-07-23
Bugzilla
CVE-2019-12211 mingw-freeimage: freeimage: heap-based buffer overflow in PluginTIFF.cpp [fedora-all]2019-07-23
CVE-2019-12211 — Out-of-bounds Write | cvebase