Debian Long Term Support / LTS Security Information / 2016 / Security Information -- DLA-647-1 freeimage

Debian Security Advisory

DLA-647-1 freeimage -- LTS security update

Date Reported:

06 Oct 2016

Affected Packages:

freeimage

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-5684.

More information:

It was discovered that there was an out-of-bounds write vulnerability in the XMP image handling functionality in freeimage, a support library for various graphics image formats. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution.

For Debian 7 Wheezy, this issue has been fixed in freeimage version 3.15.1-1.1+deb7u1.

We recommend that you upgrade your freeimage packages.