
A new freeimage package is available for Debian GNU/Linux 9 Extended LTS to address multiple vulnerabilities:

ELA-1011-1 freeimage security update





Package : freeimage
Version : 3.17.0+ds1-5+deb9u2

Related CVEs :
CVE-2020-21427
CVE-2020-22524

Multiple vulnerabilities were discovered in freeimage, a library for graphics image formats.

CVE-2020-21427
A buffer overflow vulnerability in the function LoadPixelDataRLE8 in PluginBMP.cpp allows remote attackers to run arbitrary code and cause other impacts via a crafted image file.

CVE-2020-22524
A buffer overflow vulnerability in the FreeImage_Load function allows remote attackers to run arbitrary code and cause other impacts via a crafted PFM file.
