Debian activities (LTS, ELTS)

  • DLA-3662-1 freeimage_3.18.0+ds2-1+deb10u2, ELA-1011-1 freeimage_3.17.0+ds1-5+deb9u2

    CVE-2020-21427: Buffer overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp allows remote attackers to run arbitrary code and cause other impacts via a crafted image file.

    CVE-2020-21428: (only buster) Buffer overflow vulnerability in function LoadRGB in PluginDDS.cpp allows remote attackers to run arbitrary code and cause other impacts via a crafted image file.

    CVE-2020-22524: Buffer overflow vulnerability in the FreeImage_Load function allows remote attackers to run arbitrary code and cause other impacts via a crafted PFM file.

  • DLA-3676-1 libde265_1.0.11-0+deb10u5

    CVE-2023-27102: NULL pointer dereference in function decoder_context::process_slice_segment_header at decctx.cc.

    CVE-2023-27103: Heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.

    CVE-2023-43887: Multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.

    CVE-2023-47471: Buffer overflow vulnerability in strukturag may cause a denial of service via the slice_segment_header function in the slice.cc component.

Other Debian activities

  • Prepared Boost transition and filed corresponding bugs.