From: Tianyu Chen
Date: Thu, 11 Apr 2024 16:22:35 +0800
To: oss-sec@mknap.com
Cc: oss-security@lists.openwall.com
Subject: [oss-security] Re: CWE-121, CWE-122: libfreeimage 3.40-3.18/19+ buffer overflow

Hi Michael,

I believe there may be a duplicate report for freeimage that you should be aware of. You can find it at the following link:

https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909

The linked report includes CVE-2024-28562, CVE-2024-28563, CVE-2024-28564, CVE-2024-28565, and more up to CVE-2024-28584.

Best regards,
Tianyu Chen