CVE-2020-21428 — Classic Buffer Overflow in Project Freeimage

CWE-120 — Classic Buffer Overflow6 documents6 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 80.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freeimage Project Freeimage

Timeline

PublishedAug 22

Latest updateJan 16

Description

Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶Debianfreeimage_project/freeimage< 3.18.0+ds2-6+deb11u1+3

▶NVDfreeimage_project/freeimage3.18.0

🔴Vulnerability Details

CVEList

CVE-2020-21428: Buffer Overflow vulnerability in function LoadRGB in PluginDDS↗2023-08-22

▶

OSV

CVE-2020-21428: Buffer Overflow vulnerability in function LoadRGB in PluginDDS↗2023-08-22

▶

GHSA

GHSA-5qcr-q6p5-3jp9: Buffer Overflow vulnerability in function LoadRGB in PluginDDS↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

FreeImage vulnerabilities↗2024-01-16

▶

Debian

CVE-2020-21428: freeimage - Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage ...↗2020

▶