Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-6586-1
HistoryJan 16, 2024 - 12:44 p.m.

freeimage vulnerabilities

2024-01-1612:44:38
Google
osv.dev
7
freeimage
memory operations
crafted tiff
denial of service
ubuntu 16.04 lts
ubuntu 20.04 lts
stack exhaustion
automated system
arbitrary code
pfm file
cve-2019-12211
cve-2019-12213
cve-2020-21427
cve-2020-21428
cve-2020-22524

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.9%

JSON

It was discovered that FreeImage incorrectly handled certain memory
operations. If a user were tricked into opening a crafted TIFF file, a
remote attacker could use this issue to cause a heap buffer overflow,
resulting in a denial of service attack. This issue only affected Ubuntu
16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12211)

It was discovered that FreeImage incorrectly processed images under
certain circumstances. If a user were tricked into opening a crafted TIFF
file, a remote attacker could possibly use this issue to cause a stack
exhaustion condition, resulting in a denial of service attack. This issue
only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. (CVE-2019-12213)

It was discovered that FreeImage incorrectly processed certain images.
If a user or automated system were tricked into opening a specially
crafted image file, a remote attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. (CVE-2020-21427,
CVE-2020-21428)

It was discovered that FreeImage incorrectly processed certain images.
If a user or automated system were tricked into opening a specially
crafted PFM file, an attacker could possibly use this issue to cause a
denial of service. (CVE-2020-22524)

Related

openvas 15
nessus 11
ubuntu 2
debian 4
osv 5
fedora 8
mageia 1
gentoo 1
prion 5
cve 5
alpinelinux 4
cvelist 5
debiancve 5
nvd 5
ubuntucve 5
cnvd 3
openvas
openvas
Ubuntu: Security Advisory (USN-6586-1)
2024-01-17 00:00:00
Debian: Security Advisory (DLA-3662-1)
2023-11-27 00:00:00
Debian: Security Advisory (DSA-5579-1)
2023-12-19 00:00:00
nessus
nessus
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : FreeImage vulnerabilities (USN-6586-1)
2024-01-16 00:00:00
Debian DLA-3662-1 : freeimage - LTS security update
2023-11-25 00:00:00
Debian DSA-5579-1 : freeimage - security update
2023-12-18 00:00:00
ubuntu
ubuntu
FreeImage vulnerabilities
2024-01-16 00:00:00
FreeImage vulnerabilities
2020-09-22 00:00:00
debian
debian
[SECURITY] [DLA 3662-1] freeimage security update
2023-11-25 21:36:10
[SECURITY] [DSA 5579-1] freeimage security update
2023-12-17 18:41:43
[SECURITY] [DSA 4593-1] freeimage security update
2019-12-27 22:12:01
osv
osv
freeimage - security update
2023-12-17 00:00:00
freeimage - security update
2023-11-24 00:00:00
freeimage - security update
2019-12-27 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: freeimage-3.18.0-6.fc31
2019-11-27 00:25:08
[SECURITY] Fedora 30 Update: mingw-freeimage-3.18.0-7.fc30
2019-11-26 23:54:56
[SECURITY] Fedora 38 Update: freeimage-3.19.0-0.19.svn1909.fc38
2023-09-06 01:20:18
mageia
mageia
Updated freeimage packages fix security vulnerabilities
2020-01-05 18:37:51
gentoo
gentoo
FreeImage: Multiple vulnerabilities
2021-07-03 00:00:00
prion
prion
Heap overflow
2019-05-20 16:29:00
Stack overflow
2019-05-20 16:29:00
Buffer overflow
2023-08-22 19:16:00
cve
cve
CVE-2019-12211
2019-05-20 16:29:01
CVE-2019-12213
2019-05-20 16:29:01
CVE-2020-21428
2023-08-22 19:16:12
alpinelinux
alpinelinux
CVE-2019-12213
2019-05-20 16:29:01
CVE-2019-12211
2019-05-20 16:29:01
CVE-2020-21428
2023-08-22 19:16:12
cvelist
cvelist
CVE-2019-12213
2019-05-20 15:05:25
CVE-2019-12211
2019-05-20 15:05:02
CVE-2020-21428
2023-08-22 00:00:00
debiancve
debiancve
CVE-2019-12211
2019-05-20 16:29:01
CVE-2019-12213
2019-05-20 16:29:01
CVE-2020-21428
2023-08-22 19:16:12
nvd
nvd
CVE-2019-12211
2019-05-20 16:29:01
CVE-2019-12213
2019-05-20 16:29:01
CVE-2020-21428
2023-08-22 19:16:12
ubuntucve
ubuntucve
CVE-2019-12213
2019-05-20 00:00:00
CVE-2020-21428
2023-08-22 00:00:00
CVE-2020-22524
2023-08-22 00:00:00
cnvd
cnvd
FreeImage FreeImage_Load function buffer overflow vulnerability
2023-08-25 00:00:00
FreeImage LoadRGB function buffer overflow vulnerability
2023-08-25 00:00:00
FreeImage LoadPixelDataRLE8 function buffer overflow vulnerability
2023-08-25 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.9%

JSON
Related for OSV:USN-6586-1
openvas15nessus11ubuntu2debian4osv5fedora8mageia1gentoo1prion5cve5alpinelinux4cvelist5debiancve5nvd5ubuntucve5cnvd3