Buffer Overflow Vulnerability in FreeImage by FreeImage Group
CVE-2020-21427

7.8HIGH

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
22 August 2023

What is CVE-2020-21427?

A buffer overflow vulnerability exists in the function LoadPixelDataRLE8 within PluginBMP.cpp in FreeImage version 3.18.0. This flaw allows remote attackers to execute arbitrary code by exploiting crafted image files. The manipulation of input data can lead to unintended memory access, resulting in severe consequences for the affected systems. It is crucial for users to update to the latest version of FreeImage to mitigate potential risks associated with this vulnerability.

References

https://sourceforge.net/p/freeimage/bugs/298/
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.