CVE-2015-0852 — Integer Underflow (Wrap or Wraparound) in Project Freeimage

CWE-1899 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

2.2%

top 15.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freeimage Project Freeimage

Timeline

PublishedSep 29

Latest updateMay 14

Description

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianfreeimage_project/freeimage< 3.15.4-5+3

▶NVDfreeimage_project/freeimage3.17.0

Patches

Patch: lists.fedoraproject.org ↗Patch: www.openwall.com ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-vg9f-qf95-c67j: Multiple integer underflows in PluginPCX↗2022-05-14

▶

CVEList

CVE-2015-0852: Multiple integer underflows in PluginPCX↗2015-09-29

▶

OSV

CVE-2015-0852: Multiple integer underflows in PluginPCX↗2015-09-29

▶

📋Vendor Advisories

Debian

CVE-2015-0852: freeimage - Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier all...↗2015

▶

💬Community

Bugzilla

CVE-2015-0852 mingw-freeimage: freeimage: integer overflow in PluginPCX.cpp [fedora-all]↗2015-08-28

▶

Bugzilla

CVE-2015-0852 freeimage: integer overflow in PluginPCX.cpp [epel-all]↗2015-08-28

▶

Bugzilla

CVE-2015-0852 freeimage: integer overflow in PluginPCX.cpp↗2015-08-28

▶

Bugzilla

CVE-2015-0852 freeimage: integer overflow in PluginPCX.cpp [fedora-all]↗2015-08-28

▶