Debian Security Advisory
DSA-3692-1 freeimage -- security update
- Date Reported:
- 13 Oct 2016
- Affected Packages:
- freeimage
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-3885, CVE-2016-5684.
- More information:
-
Multiple vulnerabilities were discovered in the FreeImage multimedia library, which might result in denial of service or the execution of arbitrary code if a malformed XMP or RAW image is processed.
For the stable distribution (jessie), these problems have been fixed in version 3.15.4-4.2+deb8u1.
For the testing distribution (stretch), these problems have been fixed in version 3.17.0+ds1-3.
For the unstable distribution (sid), these problems have been fixed in version 3.17.0+ds1-3.
We recommend that you upgrade your freeimage packages.