Vulnerability Details CVE-2020-21426
Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 34.4%
CVSS Severity
CVSS v3 Score 7.8
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/
- https://sourceforge.net/p/freeimage/bugs/300/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/
- https://sourceforge.net/p/freeimage/bugs/300/
Products affected by CVE-2020-21426
-
cpe:2.3:a:freeimage_project:freeimage:3.18.0