Integer Underflow Vulnerability in FreeImage by LibRaw
CVE-2015-0852

Currently unrated

Key Information:

Vendor: Freeimage Project
Status: Freeimage
Vendor: CVE Published:; 29 September 2015

🔔 Create Freeimage Project Vulnerability Alert

What is CVE-2015-0852?

The vulnerability in FreeImage versions up to 3.17.0 allows remote attackers to exploit integer underflows in PluginPCX.cpp. By manipulating the height and width parameters of a window, attackers can potentially trigger heap memory corruption, resulting in a denial of service. This poses significant risks to applications relying on FreeImage for image processing, making it crucial for users to ensure they are using a patched version of the software.

References

http://www.securitytracker.com/id/1034077

vdb-entryx_refsource_SECTRACK

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

https://www.oracle.com/technetwork/security-advisory/cpuj...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2015
Vulnerability Reserved
Jan 7, 2015

JSON