Bugzilla – Bug 1135736
VUL-0: CVE-2019-12211: freeimage: heap buffer overflow in Load function of the PluginTIFF.cpp
Last modified: 2020-01-16 14:20:26 UTC
CVE-2019-12211 When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12211 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12211 https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
This is automated batch bugzilla cleanup. The openSUSE 42.3 changed to end-of-life (EOL [1]) status. As such it is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of openSUSE (At this moment openSUSE Leap 15.1, 15.0 and Tumbleweed) please feel free to reopen this bug against that version (!you must update the "Version" component in the bug fields, do not just reopen please), or alternatively create a new ticket. Thank you for reporting this bug and we are sorry it could not be fixed during the lifetime of the release. [1] https://en.opensuse.org/Lifetime
unfixed in 15.0 and 15.1