linux-wallpaperengine icon indicating copy to clipboard operation
linux-wallpaperengine copied to clipboard

Published 20 hours ago verified publisher icon Almamu

Freeimage security issues

Open Kasper24 opened this issue 11 months ago • 2 comments

The library seems to be unmaintained at this point. I wonder if it's possible to switch to something else? https://github.com/advisories/GHSA-hj68-qmgw-mf32 https://github.com/advisories/GHSA-mxvg-x4fj-7g3v https://github.com/advisories/GHSA-r5gh-c4hv-26j3 https://github.com/advisories/GHSA-6jfr-j7mc-g8fg https://github.com/advisories/GHSA-5257-h5wm-w97c

I might also suffer from another issue, but on Wayland it's not working correctly atm

Kasper24 avatar Mar 02 '24 02:03 Kasper24

Here is a full list of vulnerabilities: - CVE-2021-33367 - CVE-2021-40262 - CVE-2021-40263 - CVE-2021-40264 - CVE-2021-40265 - CVE-2021-40266 - CVE-2023-47992 - CVE-2023-47993 - CVE-2023-47994 - CVE-2023-47995 - CVE-2023-47996

This library is definitely unmaintained.

DaniD3v avatar Mar 12 '24 15:03 DaniD3v

Do the maintainers have any plans of addressing this?

xescure avatar Sep 10 '24 17:09 xescure

hello, i second this. im on nixos and they dropped support due to the unaddressed CVEs.

chakibchemso avatar Oct 05 '24 19:10 chakibchemso

Any news on this? High expectations for this fix

g-libardi avatar Oct 06 '24 01:10 g-libardi

Fix should be up now, no changes on the compilation required as we're using stb_image and stb_image_write.

Almamu avatar Oct 12 '24 18:10 Almamu