oss-sec mailing list archives

Re: Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow


From: Michael Knap <oss-sec () mknap com>
Date: Thu, 11 Apr 2024 09:02:25 +0000



-------- Original Message --------
On 11/04/2024 09:22, Tianyu Chen wrote:

Hi Michael,
I believe there may be a duplicate report for freeimage that you should be aware of. You can find it at the following link:


https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909


The linked report includes CVE-2024-28562, CVE-2024-28563, CVE-2024-28564, CVE-2024-28565, and more up to CVE-2024-28584.


Best regards,
Tianyu Chen

Hi Tianyu,

Indeed, it seems so! I apologize for any inconvenience this may have caused.

I conducted a search on MITRE for the library and found several current CVEs,
but I did not come across this specific report. Given that they are fairly recent,
there might have been a period during which they were not yet visible in public searches.

Thank you for bringing this to my attention!

Best regards, 

Michael Knap
