Out-of-Bounds Write Vulnerability in FreeImage Library Image Handling
CVE-2016-5684

7.8 HIGH

Key Information:

Vendor: Freeimage
Status: Vendor
CVE Published: 6 January 2017

What is CVE-2016-5684?

An out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. Processing a specially crafted XMP file can overwrite arbitrary memory, allowing an attacker to execute arbitrary code. An attacker can trigger the vulnerability by supplying a malicious image to an affected system. Users and organizations that use the FreeImage library should ensure they are running an updated version to mitigate this risk.

Affected Version(s)

FreeImage 3.17.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
