Buffer Overflow Vulnerability in FreeImage Software from FreeImage Project
CVE-2020-21428

7.8HIGH

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
22 August 2023

What is CVE-2020-21428?

A buffer overflow vulnerability exists in the LoadRGB function of the PluginDDS.cpp file in FreeImage 3.18.0. This vulnerability allows remote attackers to execute arbitrary code on the affected system by delivering specially crafted image files. Exploiting this flaw may lead to unauthorized operations and potentially compromise the integrity of the system.

References

https://sourceforge.net/p/freeimage/bugs/299/
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.