CVE-2020-22524 — Classic Buffer Overflow in Project Freeimage

CWE-120 — Classic Buffer Overflow6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 64.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freeimage Project Freeimage

Timeline

PublishedAug 22

Latest updateJan 16

Description

Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶Debianfreeimage_project/freeimage< 3.18.0+ds2-6+deb11u1+3

▶NVDfreeimage_project/freeimage3.19.0

🔴Vulnerability Details

CVEList

CVE-2020-22524: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3↗2023-08-22

▶

GHSA

GHSA-qrgg-mgwx-hq8f: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3↗2023-08-22

▶

OSV

CVE-2020-22524: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3↗2023-08-22

▶

📋Vendor Advisories

Ubuntu

FreeImage vulnerabilities↗2024-01-16

▶

Debian

CVE-2020-22524: freeimage - Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3....↗2020

▶