Freeimage
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28567 | | Med | 0.40 | 6.2 | 0.00 | | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format. |
| CVE-2024-28564 | | Med | 0.40 | 6.2 | 0.00 | | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format. |
| CVE-2024-28563 | | Med | 0.38 | 5.9 | 0.00 | | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format. |
| CVE-2024-28577 | | Med | 0.36 | 5.5 | 0.00 | | Mar 20, 2024 | Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format. |
| CVE-2024-28576 | | Med | 0.36 | 5.5 | 0.00 | | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format. |
| CVE-2024-28571 | | Med | 0.36 | 5.5 | 0.00 | | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format. |
| CVE-2024-28570 | | Med | 0.36 | 5.5 | 0.00 | | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format. |
| CVE-2024-28565 | | Med | 0.36 | 5.5 | 0.00 | | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format. |
| CVE-2021-33367 | | Med | 0.36 | 5.5 | 0.00 | | Feb 22, 2023 | Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file. |
| CVE-2024-28584 | | Low | 0.21 | 3.3 | 0.00 | | Mar 20, 2024 | Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format. |
| CVE-2025-70968 | | | 0.00 | — | 0.00 | | Jan 14, 2026 | FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). |
| CVE-2025-65803 | | | 0.00 | — | 0.00 | | Dec 10, 2025 | An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file. |
| CVE-2015-0852 | | | 0.00 | — | 0.03 | | Sep 29, 2015 | Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. |