Vulnerabilities > CVE-2015-0852 - Numeric Errors vulnerability in Freeimage Project Freeimage 3.17.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2015-16105.NASL description This update resolves CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-10-02 plugin id 86237 published 2015-10-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86237 title Fedora 22 : freeimage-3.10.0-23.fc22 (2015-16105) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_33459061A1D611E58794BCAEC565249C.NASL description Pcheng pcheng reports : An integer overflow issue in the FreeImage project was reported and fixed recently. last seen 2020-06-01 modified 2020-06-02 plugin id 87361 published 2015-12-15 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/87361 title FreeBSD : freeimage -- multiple integer overflows (33459061-a1d6-11e5-8794-bcaec565249c) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-327.NASL description Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2015-10-19 plugin id 86428 published 2015-10-19 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86428 title Debian DLA-327-1 : freeimage security update NASL family Fedora Local Security Checks NASL id FEDORA_2015-DECBAB7C9F.NASL description Update to version 3.17.0, see http://freeimage.sourceforge.net/news.html for details. This update also includes a patch for CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89438 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89438 title Fedora 23 : mingw-freeimage-3.17.0-1.fc23 (2015-decbab7c9f) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-3392.NASL description Pengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image. last seen 2020-06-01 modified 2020-06-02 plugin id 86727 published 2015-11-05 reporter This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/86727 title Debian DSA-3392-1 : freeimage - security update NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201701-68.NASL description The remote host is affected by the vulnerability described in GLSA-201701-68 (FreeImage: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in in FreeImage. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted image file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 96854 published 2017-01-30 reporter This script is Copyright (C) 2017 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/96854 title GLSA-201701-68 : FreeImage: Multiple vulnerabilities NASL family Fedora Local Security Checks NASL id FEDORA_2015-992342E82F.NASL description This update fixes CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2016-03-04 plugin id 89334 published 2016-03-04 reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89334 title Fedora 22 : mingw-freeimage-3.15.4-6.fc22 (2015-992342e82f) NASL family Fedora Local Security Checks NASL id FEDORA_2015-16106.NASL description Update to version 3.17.0, see http://freeimage.sourceforge.net/news.html for details. This update includes a patch for CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-09-28 plugin id 86173 published 2015-09-28 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86173 title Fedora 23 : freeimage-3.17.0-1.fc23 (2015-16106) NASL family Fedora Local Security Checks NASL id FEDORA_2015-16104.NASL description This update resolves CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2015-10-02 plugin id 86236 published 2015-10-02 reporter This script is Copyright (C) 2015-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/86236 title Fedora 21 : freeimage-3.10.0-23.fc21 (2015-16104)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html
- http://www.debian.org/security/2015/dsa-3392
- http://www.openwall.com/lists/oss-security/2015/08/28/1
- http://www.securitytracker.com/id/1034077
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165
- https://security.gentoo.org/glsa/201701-68
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html