Fluid Attacks Database

Description

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	freeimage	>=0 <3.17.0+ds1-3	3.17.0+ds1-3
debian 13	freeimage	>=0 <3.17.0+ds1-3	3.17.0+ds1-3
debian 14	freeimage	>=0 <3.17.0+ds1-3	3.17.0+ds1-3
debian 12	freeimage	>=0 <3.17.0+ds1-3	3.17.0+ds1-3

Aliases

1. CVE-2016-56842. NVD-2016-56843. OSV-DEBIAN-2016-56844. OSV-2016-56845. SECURITY-TRACKER-CVE-2016-5684

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.