Freeimage Project

All CVEs

54 total · sorted by risk
  • CVE-2024-31570 · Cri · Sep 19, 2024
    risk 0.64 · cvss 9.8 · epss 0.01

    libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.

  • CVE-2023-47994 · Hig · Jan 9, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.

  • CVE-2023-47992 · Hig · Jan 9, 2024
    risk 0.57 · cvss 8.8 · epss 0.01

    An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attack and/or run arbitrary code.

  • CVE-2021-40265 · Hig · Aug 22, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    A heap overflow bug exists in FreeImage before 1.18.0 via the ofLoad function in PluginJPEG.cpp.

  • CVE-2021-40263 · Hig · Aug 22, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.

  • CVE-2020-24295 · Hig · Aug 22, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via use of a crafted psd file.

  • CVE-2020-24293 · Hig · Aug 22, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.

  • CVE-2020-24292 · Hig · Aug 22, 2023
    risk 0.57 · cvss 8.8 · epss 0.01

    Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.

  • CVE-2024-28582 · Hig · Mar 20, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.

  • CVE-2024-28581 · Hig · Mar 20, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.

  • CVE-2024-28580 · Hig · Mar 20, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.

  • CVE-2024-28578 · Hig · Mar 20, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.

  • CVE-2024-28566 · Hig · Mar 20, 2024
    risk 0.55 · cvss 8.4 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.

  • CVE-2024-28583 · Hig · Mar 20, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.

  • CVE-2024-28569 · Hig · Mar 20, 2024
    risk 0.51 · cvss 7.8 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.

  • CVE-2020-21428 · Hig · Aug 22, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

  • CVE-2020-21427 · Hig · Aug 22, 2023
    risk 0.51 · cvss 7.8 · epss 0.01

    Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

  • CVE-2020-21426 · Hig · Aug 22, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

  • CVE-2016-5684 · Hig · Jan 6, 2017
    risk 0.51 · cvss 7.8 · epss 0.02

    An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this…

  • CVE-2024-9029 · Hig · Sep 27, 2024
    risk 0.49 · cvss 7.5 · epss 0.00

    A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked…

  • CVE-2019-12214 · Hig · May 20, 2019
    risk 0.49 · cvss 7.5 · epss 0.01

    In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

  • CVE-2019-12212 · Hig · May 20, 2019
    risk 0.49 · cvss 7.5 · epss 0.02

    When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially…

  • CVE-2019-12211 · Hig · May 20, 2019
    risk 0.49 · cvss 7.5 · epss 0.04

    When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.

  • CVE-2024-28562 · Med · Mar 20, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.

  • CVE-2023-47997 · Med · Jan 10, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.

  • CVE-2023-47996 · Med · Jan 9, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.

  • CVE-2023-47995 · Med · Jan 9, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.

  • CVE-2023-47993 · Med · Jan 9, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.

  • CVE-2021-40266 · Med · Aug 22, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    In FreeImage before 1.18.0, the ReadPalette function in PluginTIFF.cpp is vulnerable to null pointer dereference.

  • CVE-2021-40264 · Med · Aug 22, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function in FreeImageTag.cpp.

  • CVE-2021-40262 · Med · Aug 22, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.

  • CVE-2020-24294 · Med · Aug 22, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cause a denial of service via opening of crafted psd file.

  • CVE-2020-22524 · Med · Aug 22, 2023
    risk 0.42 · cvss 6.5 · epss 0.01

    Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cause a denial of service via crafted PFM file.

  • CVE-2019-12213 · Med · May 20, 2019
    risk 0.42 · cvss 6.5 · epss 0.02

    When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

  • CVE-2018-11214 · Med · May 16, 2018
    risk 0.42 · cvss 6.5 · epss 0.02

    An issue was discovered in libjpeg 9a. The get_text_rgb_row function in rdppm.c allows remote attackers to cause a denial of service (Segmentation fault) via a crafted file.

  • CVE-2024-28579 · Med · Mar 20, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.

  • CVE-2024-28575 · Med · Mar 20, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.

  • CVE-2024-28574 · Med · Mar 20, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.

  • CVE-2024-28573 · Med · Mar 20, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.

  • CVE-2024-28572 · Med · Mar 20, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.

  • CVE-2024-28568 · Med · Mar 20, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.

  • CVE-2024-28567 · Med · Mar 20, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.

  • CVE-2024-28564 · Med · Mar 20, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.

  • CVE-2024-28563 · Med · Mar 20, 2024
    risk 0.38 · cvss 5.9 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.

  • CVE-2024-28577 · Med · Mar 20, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.

  • CVE-2024-28576 · Med · Mar 20, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.

  • CVE-2024-28571 · Med · Mar 20, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.

  • CVE-2024-28570 · Med · Mar 20, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.

  • CVE-2024-28565 · Med · Mar 20, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.

  • CVE-2021-33367 · Med · Feb 22, 2023
    risk 0.36 · cvss 5.5 · epss 0.00

    Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

Page 1 of 2