An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.
Weakness
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Freeimage | Freeimage_project | 3.18.0 (including) | 3.18.0 (including) |
| Freeimage | Ubuntu | bionic | * |
| Freeimage | Ubuntu | focal | * |
| Freeimage | Ubuntu | lunar | * |
| Freeimage | Ubuntu | mantic | * |
| Freeimage | Ubuntu | oracular | * |
| Freeimage | Ubuntu | plucky | * |
| Freeimage | Ubuntu | trusty | * |
| Freeimage | Ubuntu | trusty/esm | * |
| Freeimage | Ubuntu | xenial | * |
References
- https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EDK7DSADYUHJFNVSRGJHEFJGMWRGGDLM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLDUDJOWZAKBQMQ7XYNJTRCFPOB56BOE/
- https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EDK7DSADYUHJFNVSRGJHEFJGMWRGGDLM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VLDUDJOWZAKBQMQ7XYNJTRCFPOB56BOE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EDK7DSADYUHJFNVSRGJHEFJGMWRGGDLM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K3ZNVRL5PCTMMA3ZBDKH5WH4RT4ST3HW/