Stack Exhaustion Vulnerability in FreeImage by FreeImage Developers
CVE-2019-12213

6.5MEDIUM

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
20 May 2019

What is CVE-2019-12213?

FreeImage 3.18.0 contains a vulnerability that occurs when the TIFFReadDirectory function in PluginTIFF.cpp processes a specially crafted TIFF file. This function always returns 1, which can lead to stack exhaustion. This flaw can potentially be exploited by attackers to cause a denial-of-service condition, impacting the performance and availability of applications relying on FreeImage for image processing. It is essential for users and administrators of FreeImage to apply updates or follow security advisories to mitigate the risks associated with this vulnerability.

References

https://sourceforge.net/p/freeimage/discussion/36111/thre...
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.