Freeimage
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12214 | Hig | 0.49 | 7.5 | 0.01 | May 20, 2019 | In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data. | ||
| CVE-2019-12212 | Hig | 0.49 | 7.5 | 0.02 | May 20, 2019 | When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially… | ||
| CVE-2019-12211 | Hig | 0.49 | 7.5 | 0.04 | May 20, 2019 | When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow. | ||
| CVE-2024-28562 | Med | 0.44 | 6.8 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format. | ||
| CVE-2023-47997 | Med | 0.42 | 6.5 | 0.01 | Jan 10, 2024 | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. | ||
| CVE-2023-47996 | Med | 0.42 | 6.5 | 0.01 | Jan 9, 2024 | An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service. | ||
| CVE-2023-47995 | Med | 0.42 | 6.5 | 0.01 | Jan 9, 2024 | Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. | ||
| CVE-2023-47993 | Med | 0.42 | 6.5 | 0.01 | Jan 9, 2024 | A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service. | ||
| CVE-2021-40266 | Med | 0.42 | 6.5 | 0.01 | Aug 22, 2023 | FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference. | ||
| CVE-2021-40264 | Med | 0.42 | 6.5 | 0.01 | Aug 22, 2023 | NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp. | ||
| CVE-2021-40262 | Med | 0.42 | 6.5 | 0.01 | Aug 22, 2023 | A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp. | ||
| CVE-2020-24294 | Med | 0.42 | 6.5 | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file. | ||
| CVE-2020-22524 | Med | 0.42 | 6.5 | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file. | ||
| CVE-2019-12213 | Med | 0.42 | 6.5 | 0.02 | May 20, 2019 | When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion. | ||
| CVE-2024-28579 | Med | 0.40 | 6.2 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format. | ||
| CVE-2024-28575 | Med | 0.40 | 6.2 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format. | ||
| CVE-2024-28574 | Med | 0.40 | 6.2 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format. | ||
| CVE-2024-28573 | Med | 0.40 | 6.2 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format. | ||
| CVE-2024-28572 | Med | 0.40 | 6.2 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. | ||
| CVE-2024-28568 | Med | 0.40 | 6.2 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format. |
- risk 0.49cvss 7.5epss 0.01
In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.
- risk 0.49cvss 7.5epss 0.02
When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially…
- risk 0.49cvss 7.5epss 0.04
When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.
- risk 0.44cvss 6.8epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.
- risk 0.42cvss 6.5epss 0.01
An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.
- risk 0.42cvss 6.5epss 0.01
An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.
- risk 0.42cvss 6.5epss 0.01
Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.
- risk 0.42cvss 6.5epss 0.01
A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.
- risk 0.42cvss 6.5epss 0.01
FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.
- risk 0.42cvss 6.5epss 0.01
NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.
- risk 0.42cvss 6.5epss 0.01
A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.
- risk 0.42cvss 6.5epss 0.01
Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.
- risk 0.42cvss 6.5epss 0.01
Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.
- risk 0.42cvss 6.5epss 0.02
When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.
- risk 0.40cvss 6.2epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.
- risk 0.40cvss 6.2epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.
- risk 0.40cvss 6.2epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.
- risk 0.40cvss 6.2epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.
- risk 0.40cvss 6.2epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.
- risk 0.40cvss 6.2epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.
Page 2 of 3