Bugzilla – Bug 1002621
VUL-0: CVE-2016-5684: FreeImage: Library XMP Image Handling Code Execution Vulnerability
Last modified: 2020-09-24 12:14:40 UTC
 News: http://blog.talosintel.com/2016/10/freeimage.html
 Technical Overview: http://www.talosintelligence.com/reports/TALOS-2016-0189/
Due to , tested versions: FreeImage 3.17.0, which is actual for Tumbleweed (see https://software.opensuse.org/package/freeimage) and Graphic repo for 42.1 and 42.2, and also 13.1, 13.2.
Also can be useful for 3.15.4 version...
You prepared the last major update and I don't find a maintainer for this package. Can you please provide an update for this package?
bugbot adjusting priority
Ok but can you attach a patch or at least a link to a commit?
(In reply to Denisart Benjamin from comment #3)
> Ok but can you attach a patch or at least a link to a commit?
I've written an email to FreeImage developer (http://freeimage.sourceforge.net/contact.html). Waiting for his answer.
(In reply to Mikhail Kasimov from comment #4)
> (In reply to Denisart Benjamin from comment #3)
> > Ok but can you attach a patch or at least a link to a commit?
> I've written an email to FreeImage developer
> (http://freeimage.sourceforge.net/contact.html). Waiting for his answer.
See "Note" section:
Fixed in Factory and Leap. Requests submitted:
openSUSE-SU-2018:0329-1: An update that fixes one vulnerability is now available.
Category: security (important)
Bug References: 1002621
CVE References: CVE-2016-5684
openSUSE Leap 42.3 (src): freeimage-3.17.0-5.1
Fixed and released.