CVE-2024-31570

2024-04-1200:00:00

ubuntu.com

freeimage library

xpm format

stack overflow

command execution

unix

8 High

AI Score

Confidence

Low

0 Low

EPSS

Percentile

0.0%

JSON

In FreeImage library version 3.19.0 [r1909], when reading images in XPM
format, the Load() function has a stack overflow write vulnerability, which
may lead to a command execution.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfreeimage< anyUNKNOWN
ubuntu20.04noarchfreeimage< anyUNKNOWN
ubuntu22.04noarchfreeimage< anyUNKNOWN
ubuntu23.10noarchfreeimage< anyUNKNOWN
ubuntu24.04noarchfreeimage< anyUNKNOWN
ubuntu14.04noarchfreeimage< anyUNKNOWN
ubuntu16.04noarchfreeimage< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	freeimage	< any	UNKNOWN
ubuntu	20.04	noarch	freeimage	< any	UNKNOWN
ubuntu	22.04	noarch	freeimage	< any	UNKNOWN
ubuntu	23.10	noarch	freeimage	< any	UNKNOWN
ubuntu	24.04	noarch	freeimage	< any	UNKNOWN
ubuntu	14.04	noarch	freeimage	< any	UNKNOWN
ubuntu	16.04	noarch	freeimage	< any	UNKNOWN

References

www.openwall.com/lists/oss-security/2024/04/11

launchpad.net/bugs/cve/CVE-2024-31570

marc.info/?l=oss-security&m=171284642816463

nvd.nist.gov/vuln/detail/CVE-2024-31570

security-tracker.debian.org/tracker/CVE-2024-31570

www.cve.org/CVERecord?id=CVE-2024-31570