Debian Security Advisory

DLA-647-1 freeimage -- LTS security update

Date Reported: 06 Oct 2016
Affected Packages: freeimage
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CVE-2016-5684.
More information:

It was discovered that there was an out-of-bounds write vulnerability in the XMP image handling functionality in freeimage, a support library for various graphics image formats. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution.

For Debian 7 Wheezy, this issue has been fixed in freeimage version 3.15.1-1.1+deb7u1.

We recommend that you upgrade your freeimage packages.
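To confirm that a host has reached the fixed version given above, compare installed versions with Debian's ordering rules rather than as strings. The following is an added example, not part of the advisory: a small Python implementation of that ordering, run over a constructed inventory of `source binary version` lines. The binary package names and all sample versions are assumptions.

```python
import re
from itertools import zip_longest

FIXED = "3.15.1-1.1+deb7u1"  # fixed version for Debian 7 Wheezy, from the advisory

def _order(c):
    # Debian ordering: '~' sorts before everything, even the end of the string;
    # letters sort before all other non-digit characters.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # Alternating (non-digit run, number) pairs; a trailing 0 marks end of run.
    return [(tuple(map(_order, s)) + (0,), int(n or 0))
            for s, n in re.findall(r"(\D*)(\d*)", part)]

def _cmp_part(a, b):
    # Pad the shorter key with "empty run, 0" so that "" and "0" compare equal.
    for x, y in zip_longest(_key(a), _key(b), fillvalue=((0,), 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; epoch ends at the first ':',
    # the revision starts after the last '-'.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    if not sep:
        upstream, rev = rest, ""
    return int(epoch), upstream, rev

def compare(a, b):
    """Return -1, 0 or 1 if version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def unpatched(lines, source="freeimage", fixed=FIXED):
    """Return (binary, version) for packages built from `source` older than `fixed`."""
    return [(binary, version) for src, binary, version in map(str.split, lines)
            if src == source and compare(version, fixed) < 0]

# Constructed sample inventory (not real host data): "source binary version".
SAMPLE = ["freeimage libfreeimage3 3.15.1-1.1", "freeimage libfreeimage3 3.9.3-4",
          "freeimage libfreeimage-dev 3.15.1-1.1+deb7u1", "zlib zlib1g 1:1.2.7.dfsg-13"]
```

On the Debian host itself, `dpkg --compare-versions` performs the same comparison. A plain string comparison would rank the constructed `3.9.3-4` above the fixed version, which is why the ordering rules matter here.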