Freeimage Project: >> Freeimage >> 3.17.0 Security Vulnerabilities
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.
CVSS Score
9.8
EPSS Score
0.003
Published
2024-09-19
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.
CVSS Score
7.8
EPSS Score
0.005
Published
2017-01-06
Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.
CVSS Score
5.0
EPSS Score
0.023
Published
2015-09-29