VYPR

rpm package

opensuse/freeimage&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/freeimage&distro=openSUSE%20Tumbleweed

Vulnerabilities (5)

  • CVE-2020-21428HigAug 22, 2023
    affected < 3.18.0.1909-1.1fixed 3.18.0.1909-1.1

    Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

  • CVE-2019-12213MedMay 20, 2019
    affected < 3.18.0-4.4fixed 3.18.0-4.4

    When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

  • CVE-2019-12211HigMay 20, 2019
    affected < 3.18.0-4.4fixed 3.18.0-4.4

    When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.

  • CVE-2016-5684HigJan 6, 2017
    affected < 3.18.0-4.4fixed 3.18.0-4.4

    An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vu

  • CVE-2015-0852Sep 29, 2015
    affected < 3.17.0-3.3fixed 3.17.0-3.3

    Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.