Freeimage Project: Freeimage Security Vulnerabilities
Buffer overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via a crafted image file.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2023-08-22
Buffer overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via a crafted image file.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2023-08-22
Buffer overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via a crafted image file.
CVSS Score: 7.8 | EPSS Score: 0.003 | Published: 2023-08-22
Buffer overflow vulnerability in Freeimage v3.18.0 allows an attacker to cause a denial of service via a crafted JXR file.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2023-02-22
When FreeImage 3.18.0 reads a TIFF file, the file is handed to the Load function of PluginTIFF.cpp, where a memcpy is performed without considering the destination address and the size of the copied data, resulting in a heap overflow.
CVSS Score: 7.5 | EPSS Score: 0.01 | Published: 2019-05-20
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.
CVSS Score: 7.5 | EPSS Score: 0.006 | Published: 2019-05-20
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
CVSS Score: 6.5 | EPSS Score: 0.003 | Published: 2019-05-20
In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2019-05-20
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.
CVSS Score: 7.8 | EPSS Score: 0.005 | Published: 2017-01-06
Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.
CVSS Score: 5.0 | EPSS Score: 0.023 | Published: 2015-09-29

