An update for freeimage is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2305 Final 1.0 1.0 2024-11-01 Initial 2024-11-01 2024-11-01 openEuler SA Tool V1.0 2024-11-01 freeimage security update An update for freeimage is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3 FreeImage is a library project for developers who would like to support popular graphics image formats (PNG, JPEG, TIFF, BMP and others). Some highlights are: extremely simple in use, not limited to the local PC (unique FreeImageIO) and Plugin driven! Security Fix(es): Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.(CVE-2020-24292) Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.(CVE-2020-24293) Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.(CVE-2020-24295) Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.(CVE-2021-33367) A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.(CVE-2021-40263) FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.(CVE-2021-40266) Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.(CVE-2023-47995) An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.(CVE-2023-47997) An update for freeimage is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP1,openEuler-24.03-LTS,openEuler-22.03-LTS-SP4,openEuler-22.03-LTS-SP3. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High freeimage https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-24292 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-24293 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2020-24295 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-33367 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-40263 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2021-40266 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-47995 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-47997 https://nvd.nist.gov/vuln/detail/CVE-2020-24292 https://nvd.nist.gov/vuln/detail/CVE-2020-24293 https://nvd.nist.gov/vuln/detail/CVE-2020-24295 https://nvd.nist.gov/vuln/detail/CVE-2021-33367 https://nvd.nist.gov/vuln/detail/CVE-2021-40263 https://nvd.nist.gov/vuln/detail/CVE-2021-40266 https://nvd.nist.gov/vuln/detail/CVE-2023-47995 https://nvd.nist.gov/vuln/detail/CVE-2023-47997 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 freeimage-3.18.0-7.oe2003sp4.aarch64.rpm freeimage-devel-3.18.0-7.oe2003sp4.aarch64.rpm freeimage-3.18.0-11.oe2203sp1.aarch64.rpm freeimage-debuginfo-3.18.0-11.oe2203sp1.aarch64.rpm freeimage-debugsource-3.18.0-11.oe2203sp1.aarch64.rpm freeimage-devel-3.18.0-11.oe2203sp1.aarch64.rpm freeimage-3.18.0-13.oe2403.aarch64.rpm freeimage-debuginfo-3.18.0-13.oe2403.aarch64.rpm freeimage-debugsource-3.18.0-13.oe2403.aarch64.rpm freeimage-devel-3.18.0-13.oe2403.aarch64.rpm freeimage-3.18.0-11.oe2203sp4.aarch64.rpm freeimage-debuginfo-3.18.0-11.oe2203sp4.aarch64.rpm freeimage-debugsource-3.18.0-11.oe2203sp4.aarch64.rpm freeimage-devel-3.18.0-11.oe2203sp4.aarch64.rpm freeimage-3.18.0-11.oe2203sp3.aarch64.rpm freeimage-debuginfo-3.18.0-11.oe2203sp3.aarch64.rpm freeimage-debugsource-3.18.0-11.oe2203sp3.aarch64.rpm freeimage-devel-3.18.0-11.oe2203sp3.aarch64.rpm freeimage-3.18.0-7.oe2003sp4.src.rpm freeimage-3.18.0-11.oe2203sp1.src.rpm freeimage-3.18.0-13.oe2403.src.rpm freeimage-3.18.0-11.oe2203sp4.src.rpm freeimage-3.18.0-11.oe2203sp3.src.rpm freeimage-3.18.0-7.oe2003sp4.x86_64.rpm freeimage-devel-3.18.0-7.oe2003sp4.x86_64.rpm freeimage-3.18.0-11.oe2203sp1.x86_64.rpm freeimage-debuginfo-3.18.0-11.oe2203sp1.x86_64.rpm freeimage-debugsource-3.18.0-11.oe2203sp1.x86_64.rpm freeimage-devel-3.18.0-11.oe2203sp1.x86_64.rpm freeimage-3.18.0-13.oe2403.x86_64.rpm freeimage-debuginfo-3.18.0-13.oe2403.x86_64.rpm freeimage-debugsource-3.18.0-13.oe2403.x86_64.rpm freeimage-devel-3.18.0-13.oe2403.x86_64.rpm freeimage-3.18.0-11.oe2203sp4.x86_64.rpm freeimage-debuginfo-3.18.0-11.oe2203sp4.x86_64.rpm freeimage-debugsource-3.18.0-11.oe2203sp4.x86_64.rpm freeimage-devel-3.18.0-11.oe2203sp4.x86_64.rpm freeimage-3.18.0-11.oe2203sp3.x86_64.rpm freeimage-debuginfo-3.18.0-11.oe2203sp3.x86_64.rpm freeimage-debugsource-3.18.0-11.oe2203sp3.x86_64.rpm freeimage-devel-3.18.0-11.oe2203sp3.x86_64.rpm Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. 2024-11-01 CVE-2020-24292 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H freeimage security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305 Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file. 2024-11-01 CVE-2020-24293 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H freeimage security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305 Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file. 2024-11-01 CVE-2020-24295 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H freeimage security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305 Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file. 2024-11-01 CVE-2021-33367 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 Medium 5.5 AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H freeimage security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305 A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp. 2024-11-01 CVE-2021-40263 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 High 8.8 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H freeimage security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305 FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference. 2024-11-01 CVE-2021-40266 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H freeimage security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305 Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. 2024-11-01 CVE-2023-47995 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H freeimage security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305 An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. 2024-11-01 CVE-2023-47997 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP1 openEuler-24.03-LTS openEuler-22.03-LTS-SP4 openEuler-22.03-LTS-SP3 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H freeimage security update 2024-11-01 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2305