Buffer Overflow Vulnerability in FreeImage by FreeImage Developers
CVE-2020-21426

7.8HIGH

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
22 August 2023

What is CVE-2020-21426?

A buffer overflow vulnerability in the C_IStream::read function within PluginEXR.cpp of FreeImage 3.18.0 enables remote attackers to exploit crafted image files, potentially executing arbitrary code. This vulnerability poses significant risks of unauthorized access and manipulation of system resources, emphasizing the importance of timely updates and security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://sourceforge.net/p/freeimage/bugs/300/
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.