Fluid Attacks Database

Description

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	freeimage	>=0 <3.18.0+ds2-3	3.18.0+ds2-3
debian 13	freeimage	>=0 <3.18.0+ds2-3	3.18.0+ds2-3
debian 11	freeimage	>=0 <3.18.0+ds2-3	3.18.0+ds2-3
debian 12	freeimage	>=0 <3.18.0+ds2-3	3.18.0+ds2-3

Aliases

1. CVE-2019-122112. NVD-2019-122113. OSV-DEBIAN-2019-122114. OSV-2019-122115. SECURITY-TRACKER-CVE-2019-12211

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.