Freeimage Project / Freeimage

9 matches found

CVE
added 2019/05/20 4:29 p.m., 92 views

CVE-2019-12211

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.

CVSS 7.5, AI score 7.2, EPSS 0.00884

CVE
added 2023/08/22 7:16 p.m., 67 views

CVE-2020-21428

Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

CVSS 7.8, AI score 7.6, EPSS 0.00061

CVE
added 2024/03/20 6:15 a.m., 65 views

CVE-2024-28583

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.

CVSS 7.8, AI score 7.5, EPSS 0.00077

CVE
added 2017/01/06 9:59 p.m., 64 views

CVE-2016-5684

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.

CVSS 7.8, AI score 7.7, EPSS 0.00505

CVE
added 2023/08/22 7:16 p.m., 63 views

CVE-2020-21427

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

CVSS 7.8, AI score 7.6, EPSS 0.00362

CVE
added 2024/03/20 6:15 a.m., 60 views

CVE-2024-28569

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.

CVSS 7.8, AI score 7.5, EPSS 0.00041

CVE
added 2023/08/22 7:16 p.m., 48 views

CVE-2020-21426

Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

CVSS 7.8, AI score 7.6, EPSS 0.00268

CVE
added 2019/05/20 4:29 p.m., 39 views

CVE-2019-12212

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

CVSS 7.5, AI score 7.3, EPSS 0.0065

CVE
added 2019/05/20 4:29 p.m., 38 views

CVE-2019-12214

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

CVSS 7.5, AI score 7.5, EPSS 0.00334