freeimage project freeimage 3.17.0 vulnerabilities and exploits

(subscribe to this query)

7.8

CVSSv3

An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vu...

Freeimage Project Freeimage 3.17.0

NA

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and previous versions allow remote malicious users to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.

Freeimage Project Freeimage

7.5

CVSSv3

When FreeImage 3.18.0 reads a tiff file, it will be handed to the Load function of the PluginTIFF.cpp file, but a memcpy occurs in which the destination address and the size of the copied data are not considered, resulting in a heap overflow.

Freeimage Project Freeimage 3.18.0 Canonical Ubuntu Linux 18.04

6.5

CVSSv3

When FreeImage 3.18.0 reads a special TIFF file, the TIFFReadDirectory function in PluginTIFF.cpp always returns 1, leading to stack exhaustion.

Freeimage Project Freeimage 3.18.0 Canonical Ubuntu Linux 18.04 Debian Debian Linux 8.0 Debian Debian Linux 9.0 Debian Debian Linux 10.0 Fedoraproject Fedora 30 Fedoraproject Fedora 31

NA

Integer overflow in the ljpeg_start function in dcraw 7.00 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable.

Dcraw Project Dcraw Fedoraproject Fedora 21

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook