This vulnerability was discovered by Yves Younan.

Talos, in coordination with FreeImage, is disclosing the discovery of TALOS-2016-0189 / CVE-2016-5684.

Overview

FreeImage is widely used software integrated into over 100 products, ranging from free to paid licensing, including multimedia software, games, developer tools, PDF generators and more. FreeImage makes use of a common file format created by Adobe, Extensible Metadata Platform (XMP), that allows real-time managing of metadata. Per Adobe, the XMP file format allows users to “embed metadata into files themselves during the content creation process”, and FreeImage 3.17.0’s integration of this file format is vulnerable to an overflow in the “Colors Per Pixel” value of an XMP image. Generally speaking, when FreeImage 3.17.0 opens an XMP file with a Colors Per Pixel value that is too large, the value is not handled properly by follow-on code in the function that uses it. You can liken it to taking a 99 oz. glass, turning on the faucet, and filling it up with 100+ ounces of water. The water spills over and gets into areas you don’t want it to be.

In technical terms, the large value is not properly validated during code execution and it can trigger an out-of-bounds write. This causes an arbitrary memory overwrite that can effectively result in remote code execution. This is likely to be exploited if someone sends you a maliciously crafted image file as an email attachment or possibly via an instant message.

Due to the widespread integration and the relative ease with which the vulnerability can be exploited, we strongly encourage anyone using software that integrates FreeImage to patch their platforms as soon as possible. A list of software can be found on FreeImage’s site here.

FreeImage patched this vulnerability in CVS on August 7th; however, they have not released a new version of the software. If you use FreeImage, it is recommended that you update to the CVS version to avoid being exposed to this vulnerability.

For the full technical details regarding this vulnerability, please refer to the vulnerability advisory, which can be found on our website here.

Coverage

Talos has released rules that detect attempts to exploit this vulnerability to protect our customers. Please note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your FireSIGHT Management Center or Snort.org.

Snort Rules: 39883 & 39884

For further zero day or vulnerability reports and information visit: http://www.talosintelligence.com/vulnerability-reports/
