CVE-2019-12212

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
VendorProductVersion
freeimage_projectfreeimage
3.18.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freeimage
bullseye (security)
vulnerable
bullseye
postponed
bookworm
postponed
buster
postponed
stretch
postponed
jessie
postponed
bookworm (security)
vulnerable
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeimage
noble
deferred
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
deferred
impish
ignored
hirsute
ignored
groovy
ignored
focal
deferred
eoan
ignored
disco
ignored
cosmic
ignored
bionic
deferred
xenial
deferred
trusty
deferred
Common Weakness Enumeration
References
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/