Denial of Service Vulnerability in FreeImage by FreeImage Project
CVE-2019-12212

7.5HIGH

Key Information:

Vendor: Freeimage Project
Status: Freeimage
Vendor: CVE Published:; 20 May 2019

🔔 Create Freeimage Project Vulnerability Alert

What is CVE-2019-12212?

FreeImage version 3.18.0 contains a vulnerability that can be exploited by an attacker through specially crafted JXR files. When these files are processed, a function within the software enters a recursive loop due to improper handling of file data, ultimately leading to a condition known as stack exhaustion. This flaw enables a potential denial of service attack, allowing malicious actors to disrupt the normal operation of applications utilizing FreeImage.

References

https://sourceforge.net/p/freeimage/discussion/36111/thre...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 20, 2019
Vulnerability Reserved
May 20, 2019

JSON