Buffer Overflow Vulnerability in FreeImage by FreeImage Developers
CVE-2020-21426

7.8HIGH

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
22 August 2023

What is CVE-2020-21426?

A buffer overflow vulnerability in the C_IStream::read function within PluginEXR.cpp of FreeImage 3.18.0 enables remote attackers to exploit crafted image files, potentially executing arbitrary code. This vulnerability poses significant risks of unauthorized access and manipulation of system resources, emphasizing the importance of timely updates and security measures.

References

https://sourceforge.net/p/freeimage/bugs/300/
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.