CVE-2016-5684 — Out-of-bounds Write in FreeImage
Severity
7.8 HIGH (NVD)
EPSS
0.5%
top 34.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 6
Latest update: May 14
Description
An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this vulnerability.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 3 packages
Vulnerability Details (3)
GHSA
GHSA-wf6p-hgq4-x57x: An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library (2022-05-14)
OSV
CVE-2016-5684: An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library (2017-01-06)
CVEList
CVE-2016-5684: An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library (2017-01-06)
Vendor Advisories (2)
Threat Intelligence (2)
Community (4)
Bugzilla
CVE-2016-5684 mingw-freeimage: freeimage: XMP Image Handling Code Execution Vulnerability [fedora-all] (2016-10-04)