Security update for freeimage SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0329-1 Final 1 1 2018-01-31T20:24:39Z current 2018-01-31T20:24:39Z 2018-01-31T20:24:39Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freeimage This update for freeimage fixes one issues. This security issue was fixed: - CVE-2016-5684: Prevent out-of-bounds write vulnerability in the XMP image handling functionality. A specially crafted XMP file could have caused an arbitrary memory overwrite resulting in code execution (boo#1002621). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00000.html E-Mail link for openSUSE-SU-2018:0329-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 freeimage-3.17.0-5.1 freeimage-devel-3.17.0-5.1 libfreeimage3-3.17.0-5.1 libfreeimageplus3-3.17.0-5.1 freeimage-3.17.0-5.1 as a component of openSUSE Leap 42.3 freeimage-devel-3.17.0-5.1 as a component of openSUSE Leap 42.3 libfreeimage3-3.17.0-5.1 as a component of openSUSE Leap 42.3 libfreeimageplus3-3.17.0-5.1 as a component of openSUSE Leap 42.3 An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability. CVE-2016-5684 openSUSE Leap 42.3:freeimage-3.17.0-5.1 openSUSE Leap 42.3:freeimage-devel-3.17.0-5.1 openSUSE Leap 42.3:libfreeimage3-3.17.0-5.1 openSUSE Leap 42.3:libfreeimageplus3-3.17.0-5.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00000.html https://www.suse.com/security/cve/CVE-2016-5684.html CVE-2016-5684 https://bugzilla.suse.com/1002621 SUSE Bug 1002621