FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freeimage | Freeimage_project | * | 1.18.0 (excluding) |
| Freeimage | Ubuntu | bionic | * |
| Freeimage | Ubuntu | focal | * |
| Freeimage | Ubuntu | lunar | * |
| Freeimage | Ubuntu | mantic | * |
| Freeimage | Ubuntu | oracular | * |
| Freeimage | Ubuntu | plucky | * |
| Freeimage | Ubuntu | trusty | * |
| Freeimage | Ubuntu | trusty/esm | * |
| Freeimage | Ubuntu | xenial | * |
Potential Mitigations
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFRQ76ZDPSWT7OH6FJDLSFWBXVBE6JDN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6GKMK74POW3RU7F4HLUJE7XEFLQDO35/
- https://sourceforge.net/p/freeimage/bugs/334/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFRQ76ZDPSWT7OH6FJDLSFWBXVBE6JDN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6GKMK74POW3RU7F4HLUJE7XEFLQDO35/
- https://sourceforge.net/p/freeimage/bugs/334/