CVE-2019-12213Uncontrolled Recursion in Project Freeimage

CWE-674Uncontrolled Recursion13 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 43.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Freeimage Project FreeimageCanonical Ubuntu LinuxDebian Linux+1 more
Timeline
PublishedMay 20
Latest updateJan 16

Description

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

Debianfreeimage_project/freeimage< 3.18.0+ds2-3+3

Also affects: Debian Linux 10.0, 8.0, 9.0, Fedora 30, 31, Ubuntu Linux 18.04

🔴Vulnerability Details

5
OSV
freeimage vulnerabilities2024-01-16
GHSA
GHSA-32gm-g888-8wvj: When FreeImage 32022-05-24
OSV
freeimage vulnerabilities2020-09-22
CVEList
CVE-2019-12213: When FreeImage 32019-05-20
OSV
CVE-2019-12213: When FreeImage 32019-05-20

📋Vendor Advisories

3
Ubuntu
FreeImage vulnerabilities2024-01-16
Ubuntu
FreeImage vulnerabilities2020-09-22
Debian
CVE-2019-12213: freeimage - When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function ...2019

💬Community

4
Bugzilla
CVE-2019-12213 freeimage: stack exhaustion in function TIFFReadDirectory in PluginTIFF.cpp2019-07-23
Bugzilla
CVE-2019-12213 freeimage: stack exhaustion in function TIFFReadDirectory in PluginTIFF.cpp [epel-all]2019-07-23
Bugzilla
CVE-2019-12213 mingw-freeimage: freeimage: stack exhaustion in function TIFFReadDirectory in PluginTIFF.cpp [fedora-all]2019-07-23
Bugzilla
CVE-2019-12213 freeimage: stack exhaustion in function TIFFReadDirectory in PluginTIFF.cpp [fedora-all]2019-07-23
CVE-2019-12213 — Uncontrolled Recursion | cvebase