CVE-2020-21427Classic Buffer Overflow in Project Freeimage

CWE-120Classic Buffer Overflow6 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.8%
top 25.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Freeimage Project Freeimage
Timeline
PublishedAug 22
Latest updateJan 16

Description

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Debianfreeimage_project/freeimage< 3.18.0+ds2-6+deb11u1+3

🔴Vulnerability Details

3
GHSA
GHSA-xjvv-5w4r-hfmv: Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP2023-08-22
OSV
CVE-2020-21427: Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP2023-08-22
CVEList
CVE-2020-21427: Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP2023-08-22

📋Vendor Advisories

2
Ubuntu
FreeImage vulnerabilities2024-01-16
Debian
CVE-2020-21427: freeimage - Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in ...2020
CVE-2020-21427 — Classic Buffer Overflow | cvebase