Freeimage Project Freeimage vulnerabilities

53 known vulnerabilities affecting freeimage_project/freeimage.

Total CVEs: 53
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 21, MEDIUM 29, LOW 1

Vulnerabilities

Page 2 of 3
CVE-2024-28567 | MEDIUM | CVSS 6.2 | v3.19.0 | 2024-03-20
CWE-121: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.
nvd
CVE-2024-28577 | MEDIUM | CVSS 5.5 | v3.19.0 | 2024-03-20
CWE-476: Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.
nvd
CVE-2024-28575 | MEDIUM | CVSS 6.2 | v3.19.0 | 2024-03-20
CWE-121: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.
nvd
CVE-2024-28564 | MEDIUM | CVSS 6.2 | v3.19.0 | 2024-03-20
CWE-120: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.
nvd
CVE-2024-28563 | MEDIUM | CVSS 5.9 | v3.19.0 | 2024-03-20
CWE-121: Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.
nvd
CVE-2024-28584 | LOW | CVSS 3.3 | v3.19.0 | 2024-03-20
CWE-476: Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.
nvd
CVE-2023-47997 | MEDIUM | CVSS 6.5 | v3.18.0 | 2024-01-10
CWE-835: An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service.
nvd
CVE-2023-47992 | HIGH | CVSS 8.8 | v3.18.0 | 2024-01-09
CWE-190: An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attack and/or run arbitrary code.
nvd
CVE-2023-47994 | HIGH | CVSS 8.8 | v3.18.0 | 2024-01-09
CWE-190: An integer overflow vulnerability in the LoadPixelDataRLE4 function in PluginBMP.cpp in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.
nvd
CVE-2023-47993 | MEDIUM | CVSS 6.5 | v3.18.0 | 2024-01-09
CWE-125: A buffer out-of-bounds read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial of service.
nvd
CVE-2023-47995 | MEDIUM | CVSS 6.5 | v3.18.0 | 2024-01-09
CWE-120: Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.
nvd
CVE-2023-47996 | MEDIUM | CVSS 6.5 | v3.18.0 | 2024-01-09
CWE-190: An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.
nvd
CVE-2020-24295 | HIGH | CVSS 8.8 | v3.19.0 | 2023-08-22
CWE-120: Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via use of a crafted psd file.
nvd
CVE-2020-21428 | HIGH | CVSS 7.8 | v3.18.0 | 2023-08-22
CWE-120: Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
nvd, osv
CVE-2020-21427 | HIGH | CVSS 7.8 | v3.18.0 | 2023-08-22
CWE-120: Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
nvd, osv
CVE-2021-40263 | HIGH | CVSS 8.8 | v1.18.0 | 2023-08-22
CWE-787: A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
nvd
CVE-2021-40265 | HIGH | CVSS 8.8 | fixed in 1.18.0 | 2023-08-22
CWE-787: A heap overflow bug exists in FreeImage before 1.18.0 via the ofLoad function in PluginJPEG.cpp.
nvd
CVE-2020-24292 | HIGH | CVSS 8.8 | v3.19.0 | 2023-08-22
CWE-120: Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.
nvd
CVE-2020-24293 | HIGH | CVSS 8.8 | v3.19.0 | 2023-08-22
CWE-120: Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.
nvd
CVE-2020-21426 | HIGH | CVSS 7.8 | v3.18.0 | 2023-08-22
CWE-120: Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
nvd