Note:
This project will be discontinued after December 13, 2021. [more]
2017-01-06
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.
| Products | Freeimage |
| Type | Out-of-bounds Write (CWE-787) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.talosintelligence.com/reports/TALOS-2016-0189/
• http://www.securityfocus.com/bid/93287 • https://usn.ubuntu.com/3925-1/ • https://security.gentoo.org/glsa/201701-68 • https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html |