Description

Multiple vulnerabilities have been discovered in FreeImage, an open-source library for graphic image formats, which could lead to denial of service attacks if left unpatched. The Ubuntu security team released critical updates on January 16, 2024, addressing these vulnerabilities in Ubuntu 16.04 and Ubuntu 18.04. However, as both releases have reached end-of-life (EOL), the updates are only available with an Ubuntu Pro subscription. Alternatively, TuxCare offers Extended Lifecycle Support for Ubuntu 16.04 and Ubuntu 18.04, providing five additional years of security patches after the EOL date.

FreeImage is a widely used library for image processing, supporting formats such as PNG, BMP, JPEG, and TIFF. The vulnerabilities, including CVE-2019-12211, CVE-2019-12213, CVE-2020-21427, CVE-2020-21428, and CVE-2020-22524, affected several Ubuntu versions. CVE-2019-12211 could trigger a heap buffer overflow, impacting Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. CVE-2019-12213 could cause a stack exhaustion condition in the same versions. CVE-2020-21427 and CVE-2020-21428 were high-severity vulnerabilities involving buffer overflows, affecting various Ubuntu versions. Ubuntu users are advised to update their FreeImage packages promptly.

Debian 11 and Debian 12 received fixes for these vulnerabilities on December 17, 2023. KernelCare Enterprise offers live patching services for Linux distributions, including Ubuntu and Debian, enabling immediate deployment of security patches without system restarts or maintenance windows.