CVE-2020-21427

2023-08-2200:00:00

ubuntu.com

cve-2020-21427

buffer overflow

freeimage 3.18.0

pluginbmp.cpp

crafted image file

remote attackers

arbitrary code

unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

49.8%

JSON

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in
PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary
code and cause other impacts via crafted image file.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfreeimage< 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1UNKNOWN
ubuntu20.04noarchfreeimage< 3.18.0+ds2-1ubuntu3.1UNKNOWN
ubuntu22.04noarchfreeimage< 3.18.0+ds2-6ubuntu5.1UNKNOWN
ubuntu23.04noarchfreeimage< 3.18.0+ds2-9ubuntu0.1UNKNOWN
ubuntu23.10noarchfreeimage< 3.18.0+ds2-9.1ubuntu0.1UNKNOWN
ubuntu24.04noarchfreeimage< anyUNKNOWN
ubuntu14.04noarchfreeimage< 3.15.4-3ubuntu0.1+esm3UNKNOWN
ubuntu16.04noarchfreeimage< 3.17.0+ds1-2ubuntu0.1+esm1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	freeimage	< 3.17.0+ds1-5+deb9u1ubuntu0.1~esm1	UNKNOWN
ubuntu	20.04	noarch	freeimage	< 3.18.0+ds2-1ubuntu3.1	UNKNOWN
ubuntu	22.04	noarch	freeimage	< 3.18.0+ds2-6ubuntu5.1	UNKNOWN
ubuntu	23.04	noarch	freeimage	< 3.18.0+ds2-9ubuntu0.1	UNKNOWN
ubuntu	23.10	noarch	freeimage	< 3.18.0+ds2-9.1ubuntu0.1	UNKNOWN
ubuntu	24.04	noarch	freeimage	< any	UNKNOWN
ubuntu	14.04	noarch	freeimage	< 3.15.4-3ubuntu0.1+esm3	UNKNOWN
ubuntu	16.04	noarch	freeimage	< 3.17.0+ds1-2ubuntu0.1+esm1	UNKNOWN