Freeimage Project
Products
2- 53 CVEs
- 1 CVE
Recent CVEs
54| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31570 | Cri | 0.64 | 9.8 | 0.01 | Sep 19, 2024 | libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | ||
| CVE-2023-47994 | Hig | 0.57 | 8.8 | 0.01 | Jan 9, 2024 | An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. | ||
| CVE-2023-47992 | Hig | 0.57 | 8.8 | 0.01 | Jan 9, 2024 | An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code. | ||
| CVE-2021-40265 | Hig | 0.57 | 8.8 | 0.01 | Aug 22, 2023 | A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp. | ||
| CVE-2021-40263 | Hig | 0.57 | 8.8 | 0.01 | Aug 22, 2023 | A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp. | ||
| CVE-2020-24295 | Hig | 0.57 | 8.8 | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file. | ||
| CVE-2020-24293 | Hig | 0.57 | 8.8 | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file. | ||
| CVE-2020-24292 | Hig | 0.57 | 8.8 | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. | ||
| CVE-2024-28582 | Hig | 0.55 | 8.4 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format. | ||
| CVE-2024-28581 | Hig | 0.55 | 8.4 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format. | ||
| CVE-2024-28580 | Hig | 0.55 | 8.4 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format. | ||
| CVE-2024-28578 | Hig | 0.55 | 8.4 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format. | ||
| CVE-2024-28566 | Hig | 0.55 | 8.4 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format. | ||
| CVE-2024-28583 | Hig | 0.51 | 7.8 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format. | ||
| CVE-2024-28569 | Hig | 0.51 | 7.8 | 0.00 | Mar 20, 2024 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format. | ||
| CVE-2020-21428 | Hig | 0.51 | 7.8 | 0.00 | Aug 22, 2023 | Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | ||
| CVE-2020-21427 | Hig | 0.51 | 7.8 | 0.01 | Aug 22, 2023 | Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | ||
| CVE-2020-21426 | Hig | 0.51 | 7.8 | 0.00 | Aug 22, 2023 | Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | ||
| CVE-2016-5684 | Hig | 0.51 | 7.8 | 0.02 | Jan 6, 2017 | An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this… | ||
| CVE-2024-9029 | Hig | 0.49 | 7.5 | 0.00 | Sep 27, 2024 | A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked… |
- risk 0.64cvss 9.8epss 0.01
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.
- risk 0.57cvss 8.8epss 0.01
An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.
- risk 0.57cvss 8.8epss 0.01
An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.
- risk 0.57cvss 8.8epss 0.01
A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.
- risk 0.57cvss 8.8epss 0.01
A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
- risk 0.57cvss 8.8epss 0.01
Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.
- risk 0.57cvss 8.8epss 0.01
Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
- risk 0.57cvss 8.8epss 0.01
Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
- risk 0.55cvss 8.4epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.
- risk 0.55cvss 8.4epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.
- risk 0.55cvss 8.4epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.
- risk 0.55cvss 8.4epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.
- risk 0.55cvss 8.4epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.
- risk 0.51cvss 7.8epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.
- risk 0.51cvss 7.8epss 0.00
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.
- risk 0.51cvss 7.8epss 0.00
Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
- risk 0.51cvss 7.8epss 0.01
Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
- risk 0.51cvss 7.8epss 0.00
Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
- risk 0.51cvss 7.8epss 0.02
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this…
- risk 0.49cvss 7.5epss 0.00
A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked…