Описание
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| freeimage | unfixed | package | ||
| freeimage | postponed | trixie | package | |
| freeimage | postponed | bookworm | package | |
| freeimage | postponed | bullseye | package | |
| freeimage | postponed | buster | package | |
| freeimage | postponed | stretch | package | |
| freeimage | postponed | jessie | package |
Примечания
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
EPSS
Связанные уязвимости
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
EPSS