CVE-2019-12212 — Uncontrolled Recursion in Project Freeimage

CWE-674 — Uncontrolled Recursion9 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 29.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freeimage Project Freeimage

Timeline

PublishedMay 20

Latest updateMay 24

Description

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDfreeimage_project/freeimage3.18.0

🔴Vulnerability Details

GHSA

GHSA-rp8j-g7jf-vmc8: When FreeImage 3↗2022-05-24

▶

OSV

CVE-2019-12212: When FreeImage 3↗2019-05-20

▶

CVEList

CVE-2019-12212: When FreeImage 3↗2019-05-20

▶

📋Vendor Advisories

Debian

CVE-2019-12212: freeimage - When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function o...↗2019

▶

💬Community

Bugzilla

CVE-2019-12212 freeimage: stack exhaustion in function StreamCalcIFDSize in JXRMeta.c [epel-all]↗2019-07-23

▶

Bugzilla

CVE-2019-12212 freeimage: stack exhaustion in function StreamCalcIFDSize in JXRMeta.c [fedora-all]↗2019-07-23

▶

Bugzilla

CVE-2019-12212 freeimage: stack exhaustion in function StreamCalcIFDSize in JXRMeta.c↗2019-07-23

▶

Bugzilla

CVE-2019-12212 mingw-freeimage: freeimage: stack exhaustion in function StreamCalcIFDSize in JXRMeta.c [fedora-all]↗2019-07-23

▶