CVE-2019-12214 — Out-of-bounds Read in Project Freeimage

CWE-125 — Out-of-bounds Read9 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 43.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freeimage Project Freeimage
Timeline
PublishedMay 20
Latest updateMay 24

Description

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-4fj8-c7x8-6q88: In FreeImage 3↗2022-05-24
â–¶
OSV
CVE-2019-12214: In FreeImage 3↗2019-05-20
â–¶
CVEList
CVE-2019-12214: In FreeImage 3↗2019-05-20
â–¶

📋Vendor Advisories

1
Debian
CVE-2019-12214: freeimage - In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of th...↗2019
â–¶

💬Community

4
Bugzilla
CVE-2019-12214 mingw-freeimage: freeimage: out-of-bounds access in function j2k_read_ppm_v3 in j2k.c [fedora-all]↗2019-07-23
â–¶
Bugzilla
CVE-2019-12214 freeimage: out-of-bounds access in function j2k_read_ppm_v3 in j2k.c [fedora-all]↗2019-07-23
â–¶
Bugzilla
CVE-2019-12214 freeimage: out-of-bounds access in function j2k_read_ppm_v3 in j2k.c↗2019-07-23
â–¶
Bugzilla
CVE-2019-12214 freeimage: out-of-bounds access in function j2k_read_ppm_v3 in j2k.c [epel-all]↗2019-07-23
â–¶
CVE-2019-12214 — Out-of-bounds Read | cvebase