Debian Security Advisory
DLA-647-1 freeimage -- LTS security update
- Date Reported: 06 Oct 2016
- Affected Packages: freeimage
- Vulnerable: Yes
- Security database references: In Mitre's CVE dictionary: CVE-2016-5684.
- More information:
It was discovered that there was an out-of-bounds write vulnerability in the XMP image handling functionality in freeimage, a support library for various graphics image formats. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution.
For Debian 7 Wheezy, this issue has been fixed in freeimage version 3.15.1-1.1+deb7u1.
We recommend that you upgrade your freeimage packages.