rpm package
opensuse/freeimage&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/freeimage&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-21428 | High | 7.8 | | < 3.18.0.1909-1.1 | 3.18.0.1909-1.1 | Aug 22, 2023 | Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. |
| CVE-2019-12213 | Medium | 6.5 | | < 3.18.0-4.4 | 3.18.0-4.4 | May 20, 2019 | When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. |
| CVE-2019-12211 | High | 7.5 | | < 3.18.0-4.4 | 3.18.0-4.4 | May 20, 2019 | When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow. |
| CVE-2016-5684 | High | 7.8 | | < 3.18.0-4.4 | 3.18.0-4.4 | Jan 6, 2017 | An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vu |
| CVE-2015-0852 | — | | | < 3.17.0-3.3 | 3.17.0-3.3 | Sep 29, 2015 | Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. |