• Advisory ID (KylinSec-SA-2024-4135)

Summary:

freeimage security update

Severity: High

Advisory ID: KylinSec-SA-2024-4135

Release date: 2024-11-01

Related CVEs: CVE-2020-24292, CVE-2020-24293, CVE-2020-24295, CVE-2021-33367, CVE-2021-40263, CVE-2021-40266, CVE-2023-47995, CVE-2023-47997

  • Details

1. Vulnerability description

   

FreeImage is a library for developers who want to support popular graphics image formats (PNG, JPEG, TIFF, BMP and others). Its highlights are that it is extremely simple to use, not limited to the local PC (through its FreeImageIO abstraction), and plugin driven.

Security Fix(es):

A buffer overflow in the Load function of PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via a crafted ICO file. (CVE-2020-24292)

A buffer overflow in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via a crafted PSD file. (CVE-2020-24293)

A buffer overflow in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via a crafted PSD file. (CVE-2020-24295)

A buffer overflow in FreeImage 3.18.0 allows an attacker to cause a denial of service via a crafted JXR file. (CVE-2021-33367)

A heap overflow in FreeImage 3.18.0 via the Load function in PluginTIFF.cpp. (CVE-2021-40263)

In FreeImage 3.18.0, the ReadPalette function in PluginTIFF.cpp is vulnerable to a NULL pointer dereference. (CVE-2021-40266)

Memory allocation with an excessive size value in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. (CVE-2023-47995)

An issue in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. (CVE-2023-47997)

All eight issues are reached by parsing an attacker-supplied image file, so any service that decodes untrusted images through FreeImage (directly or via a language binding) is exposed. The ICO and PSD overflows (CVE-2020-24292, CVE-2020-24293, CVE-2020-24295) are rated as allowing arbitrary code execution; the others are reported as denial-of-service conditions (crash, hang or excessive allocation), except CVE-2021-40263, whose heap overflow has no impact stated beyond memory corruption.

2. Affected scope

CVE             Product   Component  Status
CVE-2020-24292  KY3.4-5A  freeimage  Fixed
CVE-2020-24292  V6        freeimage  Fixed
CVE-2020-24293  KY3.4-5A  freeimage  Fixed
CVE-2020-24293  V6        freeimage  Fixed
CVE-2020-24295  KY3.4-5A  freeimage  Fixed
CVE-2020-24295  V6        freeimage  Fixed
CVE-2021-33367  KY3.4-5A  freeimage  Fixed
CVE-2021-33367  V6        freeimage  Fixed
CVE-2021-40263  KY3.4-5A  freeimage  Fixed
CVE-2021-40263  V6        freeimage  Fixed
CVE-2021-40266  KY3.4-5A  freeimage  Fixed
CVE-2021-40266  V6        freeimage  Fixed
CVE-2023-47995  KY3.4-5A  freeimage  Fixed
CVE-2023-47995  V6        freeimage  Fixed
CVE-2023-47997  KY3.4-5A  freeimage  Fixed
CVE-2023-47997  V6        freeimage  Fixed

3. Affected component

    freeimage

4. Fixed versions

   

KY3.4-5A

Package          Architecture  Version
freeimage        x86_64        3.18.0-7.kb2.ky3_4
freeimage-devel  x86_64        3.18.0-7.kb2.ky3_4
freeimage        aarch64       3.18.0-7.kb2.ky3_4
freeimage-devel  aarch64       3.18.0-7.kb2.ky3_4

V6

Package          Architecture  Version
freeimage        x86_64        3.18.0-13.ks6
freeimage-devel  x86_64        3.18.0-13.ks6
freeimage        aarch64       3.18.0-13.ks6
freeimage-devel  aarch64       3.18.0-13.ks6

5. Remediation


Method 1: download the package and upgrade it with rpm
1. Download the update package from the download links below and save it, e.g. xxx.rpm
2. Upgrade with the rpm command, e.g. rpm -Uvh xxx.rpm

Method 2: upgrade from the software repository
1. Make sure the host can reach the repository (Internet access)
2. Upgrade the specific packages with yum, e.g. yum install freeimage freeimage-devel (yum update with the same package names also works when they are already installed)

After upgrading, restart any service that has the old libfreeimage loaded: an in-place rpm upgrade replaces the file on disk but not the copy already mapped into running processes.
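Whichever method is used, the check a practitioner wants afterwards is whether the installed freeimage packages are at or beyond the fixed versions in section 4. Plain string comparison gets this wrong (release "9.ks6" sorts after "13.ks6" as text), so the following added example, which is not part of the advisory or of KylinSec tooling, re-implements RPM's version-comparison rules (rpmvercmp: tilde handled, the caret operator omitted) and applies them to constructed sample output of `rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE} %{ARCH}\n' freeimage freeimage-devel`. The sample lines are made up for illustration and are not from a real host.

```python
r"""Added example: check installed freeimage packages against the fixed
versions listed in KylinSec-SA-2024-4135 using RPM's version ordering.

rpmvercmp() below re-implements the documented RPM comparison algorithm
(tilde handled; the caret operator is not).  The sample input is constructed
to look like the output of
  rpm -q --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE} %{ARCH}\n' freeimage freeimage-devel
and is not taken from a real host.
"""
import re

# Fixed versions from section 4 of the advisory, keyed by product.
FIXED = {
    "KY3.4-5A": "3.18.0-7.kb2.ky3_4",
    "V6": "3.18.0-13.ks6",
}

_DIGITS = re.compile(r"[0-9]+")
_ALPHA = re.compile(r"[A-Za-z]+")


def _skip_separators(s: str) -> str:
    """Drop leading characters that are neither ASCII alphanumerics nor '~'."""
    i = 0
    while i < len(s) and not (s[i] == "~" or (s[i].isascii() and s[i].isalnum())):
        i += 1
    return s[i:]


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings as rpm does; return -1, 0 or 1.

    Strings are walked segment by segment.  A segment is a run of digits or a
    run of letters; separators ('.', '_', '-', ...) only delimit segments.
    Digit runs compare numerically, letter runs lexically, a digit run is
    newer than a letter run, '~' is older than anything (even end of string),
    and when one side runs out of segments the side with leftovers is newer.
    """
    if a == b:
        return 0
    one, two = a, b
    while one or two:
        one, two = _skip_separators(one), _skip_separators(two)
        if one.startswith("~") or two.startswith("~"):
            if not one.startswith("~"):
                return 1
            if not two.startswith("~"):
                return -1
            one, two = one[1:], two[1:]
            continue
        if not one or not two:
            break
        if one[0].isdigit():
            pattern, isnum = _DIGITS, True
        else:
            pattern, isnum = _ALPHA, False
        m1, m2 = pattern.match(one), pattern.match(two)
        if m2 is None:
            # Segment types differ: the numeric side is newer.
            return 1 if isnum else -1
        s1, s2 = m1.group(), m2.group()
        if isnum:
            s1, s2 = s1.lstrip("0"), s2.lstrip("0")
            if len(s1) != len(s2):
                return 1 if len(s1) > len(s2) else -1
        if s1 != s2:
            return 1 if s1 > s2 else -1
        one, two = one[m1.end():], two[m2.end():]
    if not one and not two:
        return 0
    return 1 if one else -1


def parse_evr(evr: str):
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch = "0"
    if ":" in evr:
        epoch, evr = evr.split(":", 1)
        if epoch == "(none)":
            epoch = "0"
    version, sep, release = evr.rpartition("-")
    if not sep:
        version, release = release, ""
    return epoch, version, release


def evr_cmp(a: str, b: str) -> int:
    """Compare two EVR strings: epoch first, then version, then release."""
    for x, y in zip(parse_evr(a), parse_evr(b)):
        r = rpmvercmp(x, y)
        if r:
            return r
    return 0


def audit(rpm_output: str, product: str) -> dict:
    """Map package name -> (installed EVR, True if at/after the fixed EVR)."""
    fixed = FIXED[product]
    verdicts = {}
    for line in rpm_output.strip().splitlines():
        name, evr, _arch = line.split()
        verdicts[name] = (evr, evr_cmp(evr, fixed) >= 0)
    return verdicts


# Constructed sample output (not from a real host): one host per product.
SAMPLE_KY34 = """\
freeimage (none):3.18.0-7.kb1.ky3_4 x86_64
freeimage-devel (none):3.18.0-7.kb2.ky3_4 x86_64
"""
SAMPLE_V6 = "freeimage (none):3.18.0-9.ks6 aarch64\n"

if __name__ == "__main__":
    for product, sample in (("KY3.4-5A", SAMPLE_KY34), ("V6", SAMPLE_V6)):
        for name, (evr, ok) in audit(sample, product).items():
            state = "fixed" if ok else f"VULNERABLE, needs {FIXED[product]}"
            print(f"{product} {name} {evr}: {state}")
```

In the constructed KY3.4-5A sample the -devel package is current while the runtime library lags one release (7.kb1 vs 7.kb2); in the V6 sample release 9 correctly sorts before 13. Run the real `rpm -q` query on the host and feed its output to `audit()` for the matching product.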

6. Download links

   

KY3.4-5A:

x86_64:

     freeimage   

     freeimage-devel   

aarch64:

     freeimage   

     freeimage-devel   

V6:

x86_64:

     freeimage   

     freeimage-devel   

aarch64:

     freeimage   

     freeimage-devel   
