CVE-2019-12214

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
freeimage_projectfreeimage
3.18.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freeimage
bullseye (security)
vulnerable
bullseye
postponed
bookworm
postponed
buster
postponed
stretch
postponed
jessie
postponed
bookworm (security)
vulnerable
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeimage
noble
deferred
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
deferred
impish
ignored
hirsute
ignored
groovy
ignored
focal
deferred
eoan
ignored
disco
ignored
cosmic
ignored
bionic
deferred
xenial
deferred
trusty
deferred
Common Weakness Enumeration
References
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/