CVE-2016-5684

Published: 06/01/2017 Updated: 28/03/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

An out-of-bounds write vulnerability existed in the XMP image handling functionality of the FreeImage library. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could overwrite arbitrary memory, resulting in code execution.

Vulnerable Product

freeimage project freeimage 3.17.0

Vendor Advisories

Debian Bug report logs - #839827 freeimage: CVE-2016-5684. Package: src:freeimage; Maintainer for src:freeimage is Debian Science Maintainers <debian-science-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 5 Oct 2016 13:09:01 UTC; Severity: grave; Tags: security, u ...
FreeImage could be made to crash or run programs as your login if it opened a specially crafted file ...
Multiple vulnerabilities were discovered in the FreeImage multimedia library, which might result in denial of service or the execution of arbitrary code if a malformed XMP or RAW image is processed. For the stable distribution (jessie), these problems have been fixed in version 3.15.4-4.2+deb8u1. For the testing distribution (stretch), these proble ...